CMP supports real-time monitoring of Security Policy and Inventory. This feature is available for Azure and AWS subscriptions. CMP uses different services of AWS and Azure to accomplish this:
AWS Config and CloudTrail services of AWS for real-time monitoring of AWS Inventory and Security Policy
Event Hub service of Azure for real-time monitoring of Azure Inventory and Security Policy
Config Stream (AWS only)
To configure the real-time security policy monitoring for AWS:
1. Log in as Tenant Admin.
2. Navigate to GOVERNANCE & SECURITY > SETTINGS. The discovery page with four tabs is displayed.
3. Click the Config Stream tab. The associated section is displayed.
4. Navigate to the Configuration Stream subsection and enter an appropriate name in the Topic Display Name text box.
5. Click Check Receiver Status. It validates the SQS configured in System Setting for Config Stream. On successful validation, the Create SNS Topic button is enabled.
6. Click Create SNS Topic to create the SNS topic.
To configure Continuous Inventory Monitoring:
1. Log in to the CMP portal as Tenant Admin.
2. Navigate to GOVERNANCE & SECURITY > SETTINGS. The discovery page with four tabs is displayed.
3. Click the Config Stream tab. The associated section is displayed.
4. Navigate to the Continuous Resource Monitoring subsection and enter an appropriate value in the CloudTrail Name text box.
5. Enter the URL in the SQS URL box, and click Start. The process starts.
NOTE: The CloudTrail Name and SQS URL are fetched from the AWS portal.
NOTE: AWS Config and CloudTrail are chargeable services of AWS.
Continuous Monitoring - Azure
Continuous Monitoring allows real-time monitoring of the Security Policy and Inventory for Azure Subscriptions.
Note: Continuous Monitoring in CMP uses Event Hub, which is a chargeable service of Azure.
Prerequisite
To enable Continuous Monitoring for an Azure Subscription, Event Hub needs to be configured for the corresponding subscription.
Enable Continuous Monitoring
Continuous Monitoring is enabled automatically when an Azure subscription is onboarded with Event Hub configured, or when an existing Azure account is updated with Event Hub details.
To check the status of Continuous Monitoring:
1. Log in as Tenant Admin.
2. Navigate to Governance & Security -> Settings.
3. Click the Continuous Monitoring tab.
If any Azure subscription is onboarded with Event Hub configured, it is listed here with its Monitoring Status. The highlighted portion below shows that Continuous Monitoring for the corresponding subscription is enabled.
To disable Continuous Monitoring, toggle to the left. It takes a few minutes for the process to complete.
To enable Continuous Monitoring again, toggle to the right. It takes a few minutes for Continuous Monitoring to be enabled.
Application of Continuous Monitoring
For real-time monitoring of Security Policy:
1. Log in as Tenant Admin / User.
2. Navigate to Governance & Security -> Security Policies.
3. Click + Create Policy.
4. Enter Policy Name, Account, Region, and click Next.
5. Select the Rules and click Next.
6. Use the toggle button to Enable Continuous Monitoring for this Security Policy, and click Next.
7. Click Submit and wait until the policy is executed successfully and the report is generated.
8. Navigate to Governance & Security -> Dashboard.
9. Select the Azure subscription used in the Security Policy from the Account dropdown menu.
10. Monitor the Alerts wizard. It shows the non-compliant Security Policy rules.
If any Azure resource related to any of the Rules in the Security Policy is modified, added, or deleted through the Azure Portal or CMP, the corresponding Rule(s) in the Security Policy are evaluated again in real time. Rules found non-compliant on re-evaluation are reflected in the Alerts wizard on the Governance & Security Dashboard after a few minutes. The results of the real-time re-evaluation are also reflected in other wizards such as Compliance Score, Violations, Security Posture By Policy, and Policies.
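The re-evaluation behaviour described above can be modelled as follows. This is an added example, not CMP's code: the rule names, property keys, resource IDs and sample records are constructed, and closing alerts on deletion or on a compliant result is an assumption; only the operationName layout follows Azure activity log conventions.

```python
# Added illustration, not CMP code. Rule names, property keys and sample
# records are constructed; only the operationName layout follows Azure
# activity log conventions.

# Hypothetical rules keyed by Azure resource type: (rule name, compliance check).
RULES = {
    "microsoft.storage/storageaccounts": [
        ("storage-https-only", lambda p: p.get("supportsHttpsTrafficOnly") is True),
    ],
    "microsoft.network/networksecuritygroups": [
        ("nsg-no-open-ssh", lambda p: "0.0.0.0/0:22" not in p.get("inboundAllow", [])),
    ],
}

def parse_operation(operation_name):
    """Split 'Microsoft.Storage/storageAccounts/write' into (resource type, action)."""
    resource_type, _, action = operation_name.rpartition("/")
    return resource_type.lower(), action.lower()

def reevaluate(events, current_state, open_alerts):
    """Re-run only the rules tied to each changed resource and update open_alerts.
    current_state maps resource id -> properties read after the change.
    open_alerts is a set of (rule name, resource id) pairs.
    """
    for ev in events:
        rtype, action = parse_operation(ev["operationName"])
        rid = ev["resourceId"].lower()
        if action == "delete":
            # Assumption: alerts for a deleted resource are closed.
            open_alerts -= {a for a in open_alerts if a[1] == rid}
            continue
        if action != "write" or rtype not in RULES or rid not in current_state:
            continue  # non-modifying actions and unrelated types trigger nothing
        for name, is_compliant in RULES[rtype]:
            if is_compliant(current_state[rid]):
                open_alerts.discard((name, rid))  # assumption: compliant result clears the alert
            else:
                open_alerts.add((name, rid))
    return open_alerts

# Constructed sample data (subscription id and resource names are placeholders).
SA = "/subscriptions/0000/resourcegroups/rg1/providers/microsoft.storage/storageaccounts/sa1"
NSG = "/subscriptions/0000/resourcegroups/rg1/providers/microsoft.network/networksecuritygroups/nsg1"
SAMPLE_EVENTS = [
    {"operationName": "Microsoft.Storage/storageAccounts/write", "resourceId": SA},
    {"operationName": "Microsoft.Network/networkSecurityGroups/delete", "resourceId": NSG},
    {"operationName": "Microsoft.Compute/virtualMachines/write", "resourceId": "/subscriptions/0000/vm1"},
]
SAMPLE_STATE = {SA: {"supportsHttpsTrafficOnly": False}}
```

Only the storage rule is re-run for the first event, the second closes the alert held against the deleted network security group, and the third is ignored because no rule covers that resource type.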
Realtime Monitoring of Inventory
Continuous Monitoring allows real-time monitoring of Inventory in CMP. If any resource is added or deleted through the Azure Portal or CMP in an Azure subscription for which Continuous Monitoring is enabled, the change is reflected in the Inventory within a few minutes.