From 69742e6615ac4f9c175b924f4a0f014f4fd218ea Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 26 Sep 2024 13:51:31 -0700 Subject: [PATCH 01/10] Updates AWS CSPM guides to include agentless option --- .../cspm-get-started-aws.asciidoc | 10 +++++++--- .../cloud-native-security/cspm-get-started.mdx | 12 ++++++++++-- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 0ac9c8265c..a4429e0647 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc 
@@ -38,15 +38,19 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en . Click *Add Cloud Security Posture Management (CSPM)*. . Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account. . Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. +. (Optional) click **Advanced settings** to deploy the integration using agentless technology (beta). + [discrete] [[cspm-set-up-cloud-access-section]] == Set up cloud account access -The CSPM integration requires access to AWS’s built-in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor[`SecurityAudit` IAM policy] in order to discover and evaluate resources in your cloud account. There are several ways to provide access. +The CSPM integration requires access to AWS's built-in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor[`SecurityAudit` IAM policy] in order to discover and evaluate resources in your cloud account. There are several ways to provide access. For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below. +NOTE: Agentless deployments (beta) support two authentication methods: <> and <>. + [discrete] [[cspm-set-up-cloudformation]] === CloudFormation (recommended) 
@@ -208,7 +212,7 @@ image::images/cspm-aws-auth-3.png[The EC2 page in AWS, showing the Modify IAM ro .. Click *Update IAM role*. .. Return to {kib} and <>. -IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role* and leave *Role ARN* empty. Click *Save and continue*. +IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role*. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click *Save and continue*. [discrete] [[cspm-use-keys-directly]] @@ -222,7 +226,7 @@ IMPORTANT: You must select *Programmatic access* when creating the IAM user. [discrete] [[cspm-use-temp-credentials]] === Option 3 - Temporary security credentials -You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a security token, which is typically found using `GetSessionToken`. +You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a session token, which is typically found using `GetSessionToken`. Because temporary security credentials are short term, once they expire, you will need to generate new ones and manually update the integration's configuration to continue collecting cloud posture data. Update the credentials before they expire to avoid data loss. diff --git a/docs/serverless/cloud-native-security/cspm-get-started.mdx b/docs/serverless/cloud-native-security/cspm-get-started.mdx index 0bfd0242cf..af5dd39044 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started.mdx +++ b/docs/serverless/cloud-native-security/cspm-get-started.mdx 
@@ -41,14 +41,22 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en 1. Click **Add Cloud Security Posture Management (CSPM)**. 1. Select **AWS**, then either **AWS Organization** to onboard multiple accounts, or **Single Account** to onboard an individual account. 1. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. +1. (Optional) click **Advanced settings** to deploy the integration using agentless technology (beta). +
## Set up cloud account access -The CSPM integration requires access to AWS’s built-in [`SecurityAudit` IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) in order to discover and evaluate resources in your cloud account. There are several ways to provide access. +The CSPM integration requires access to AWS's built-in [`SecurityAudit` IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) in order to discover and evaluate resources in your cloud account. There are several ways to provide access. For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below. + +Agentless deployments (beta) support two authentication methods: +Direct access keys and Temporary keys. + + +
### CloudFormation (recommended) @@ -222,7 +230,7 @@ Follow AWS's [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/lates 1. Return to ((kib)) and finish manual setup. -Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in Kibana, in the **Setup Access** section, select **Assume role** and leave **Role ARN** empty. Click **Save and continue**. +Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in Kibana, in the **Setup Access** section, select **Assume role**. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click **Save and continue**.
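Review bot: In the `-208,7` hunk of `cspm-get-started-aws.asciidoc`, the new sentence uses `((agent))`, which is the attribute syntax of the `.mdx` page. The same line already uses `{kib}`, so in AsciiDoc this should be `{agent}`; as written, `((agent))` is parsed as an index term and renders as the bare word "agent". The sentence also mixes `**Role ARN**` with the single-asterisk `*Setup Access*` and `*Assume role*` next to it; keep one bold style within the file.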
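Review bot: The `security token` to `session token` correction in the Option 3 hunk (`-222,7`) is made only in `cspm-get-started-aws.asciidoc`; the `cspm-get-started.mdx` diff in this patch has no hunk for its temporary-credentials text. If the serverless page carries the same sentence, fix it in this patch as well so both guides name the three credential parts identically.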
From 99c8b64fe0a631039dc46c7d24150a2db657c6f6 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 2 Oct 2024 11:32:10 -0700 Subject: [PATCH 02/10] Creates placeholder for agentless integrations page --- docs/getting-started/agentless-integrations.asciidoc | 3 +++ docs/getting-started/index.asciidoc | 1 + 2 files changed, 4 insertions(+) create mode 100644 docs/getting-started/agentless-integrations.asciidoc diff --git a/docs/getting-started/agentless-integrations.asciidoc b/docs/getting-started/agentless-integrations.asciidoc new file mode 100644 index 0000000000..9dd4624776 --- /dev/null +++ b/docs/getting-started/agentless-integrations.asciidoc @@ -0,0 +1,3 @@ +[[agentless-integrations]] += Agentless integration + diff --git a/docs/getting-started/index.asciidoc b/docs/getting-started/index.asciidoc index 53d590804a..1ef9d2bcda 100644 --- a/docs/getting-started/index.asciidoc +++ b/docs/getting-started/index.asciidoc @@ -17,6 +17,7 @@ include::security-ui.asciidoc[leveloffset=+1] include::ingest-data.asciidoc[leveloffset=+1] include::threat-intel-integrations.asciidoc[leveloffset=+2] include::automatic-import.asciidoc[leveloffset=+2] +include::agentless-integrations.asciidoc[leveloffset=+2] include::security-spaces.asciidoc[leveloffset=+1] From b9a2f29e4eb4d01d089950b0a626647ba6619fca Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:32:51 -0700 Subject: [PATCH 03/10] Update docs/cloud-native-security/cspm-get-started-aws.asciidoc Co-authored-by: Joe Peeples --- docs/cloud-native-security/cspm-get-started-aws.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index a4429e0647..a8a1900285 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc 
@@ -38,7 +38,7 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en . Click *Add Cloud Security Posture Management (CSPM)*. . Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account. . Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. -. (Optional) click **Advanced settings** to deploy the integration using agentless technology (beta). +. beta:[] (Optional) Click **Advanced settings** to deploy the integration using agentless technology. From 02551f84d12c86ed0c99054022b344637ec61b30 Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:32:59 -0700 Subject: [PATCH 04/10] Update docs/serverless/cloud-native-security/cspm-get-started.mdx Co-authored-by: Joe Peeples --- docs/serverless/cloud-native-security/cspm-get-started.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/serverless/cloud-native-security/cspm-get-started.mdx b/docs/serverless/cloud-native-security/cspm-get-started.mdx index af5dd39044..220990e420 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started.mdx +++ b/docs/serverless/cloud-native-security/cspm-get-started.mdx 
@@ -41,7 +41,7 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en 1. Click **Add Cloud Security Posture Management (CSPM)**. 1. Select **AWS**, then either **AWS Organization** to onboard multiple accounts, or **Single Account** to onboard an individual account. 1. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. -1. (Optional) click **Advanced settings** to deploy the integration using agentless technology (beta). +1. (Optional) Click **Advanced settings** to deploy the integration using agentless technology.
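Review bot: PATCH 02/10 adds `include::agentless-integrations.asciidoc[leveloffset=+2]` to `index.asciidoc` while the new file holds only the `[[agentless-integrations]]` anchor and a title, so a build at that commit publishes an empty page. Either hold the include until the body text lands, or add a one-sentence stub with the beta marker so every commit in the series builds to something publishable.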
From 99d6284b3cc80015d1db81589edceabaa0460c1f Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:33:09 -0700 Subject: [PATCH 05/10] Update docs/cloud-native-security/cspm-get-started-aws.asciidoc Co-authored-by: Joe Peeples --- docs/cloud-native-security/cspm-get-started-aws.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index a8a1900285..7508b739a5 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc @@ -49,7 +49,7 @@ The CSPM integration requires access to AWS's built-in https://docs.aws.amazon.c For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below. -NOTE: Agentless deployments (beta) support two authentication methods: <> and <>. +NOTE: beta:[] Agentless deployments support two authentication methods: <> and <>. [discrete] [[cspm-set-up-cloudformation]] From a9dbee8472abce9b424ac4ba87bd4889a85ee45b Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein <91905639+benironside@users.noreply.github.com> Date: Wed, 2 Oct 2024 11:33:17 -0700 Subject: [PATCH 06/10] Update docs/serverless/cloud-native-security/cspm-get-started.mdx Co-authored-by: Joe Peeples --- docs/serverless/cloud-native-security/cspm-get-started.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/serverless/cloud-native-security/cspm-get-started.mdx b/docs/serverless/cloud-native-security/cspm-get-started.mdx index 220990e420..8b935e8148 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started.mdx +++ b/docs/serverless/cloud-native-security/cspm-get-started.mdx 
@@ -52,7 +52,7 @@ The CSPM integration requires access to AWS's built-in [`SecurityAudit` IAM poli For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below. -Agentless deployments (beta) support two authentication methods: + Agentless deployments support two authentication methods: Direct access keys and Temporary keys. From fbcda4b7d4b524fa8994b1d6bbe85068440fe9de Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Wed, 2 Oct 2024 15:35:57 -0700 Subject: [PATCH 07/10] minor update --- docs/getting-started/agentless-integrations.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started/agentless-integrations.asciidoc b/docs/getting-started/agentless-integrations.asciidoc index 9dd4624776..2cf2a446e3 100644 --- a/docs/getting-started/agentless-integrations.asciidoc +++ b/docs/getting-started/agentless-integrations.asciidoc @@ -1,3 +1,3 @@ [[agentless-integrations]] -= Agentless integration += Agentless integrations From 75a273f12ccfd45dcbbc62cc2dcffe6f06dff14f Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Fri, 11 Oct 2024 11:36:36 -0700 Subject: [PATCH 08/10] Adds agentless options to CSPM docs --- .../cspm-get-started-aws.asciidoc | 18 +++++++++++++++--- .../cspm-get-started-azure.asciidoc | 12 ++++++++++++ .../cspm-get-started-gcp.asciidoc | 14 ++++++++++++++ docs/cloud-native-security/cspm.asciidoc | 2 +- .../agentless-integrations.asciidoc | 7 +++++++ 5 files changed, 49 insertions(+), 4 deletions(-) diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 7508b739a5..86f465ec2b 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc 
@@ -30,6 +30,21 @@ This page explains how to get started monitoring the security posture of your cl You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. +[discrete] +[[cspm-aws-agentless]] +== Agentless deployment option +beta::[] + +The steps to create an agentless deployment are similar to those to create an agent-based deployment. To deploy using agentless technology, follow the instructions below with the following modifications: + +. On the **Add Cloud Security Posture Management (CSPM) integration** page, after you name your integration and give it a description, click **Advanced options** then select **Agentless (BETA)**. +. Once you've selected **Agentless (BETA)**, you'll need to authenticate to AWS. Agentless AWS deployments support authentication via <>, and by two manual authentication methods: <> and <>. +. Once you've selected an authentication method and provided any necessary credentials, click **Save and continue** to finish deployment. + +[discrete] +[[cspm-aws-agent-based]] +== Agent-based deployment + [discrete] [[cspm-add-and-name-integration]] == Add the CSPM integration @@ -38,8 +53,6 @@ You can set up CSPM for AWS either by enrolling a single cloud account, or by en . Click *Add Cloud Security Posture Management (CSPM)*. . Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account. . Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. -. beta:[] (Optional) Click **Advanced settings** to deploy the integration using agentless technology. - [discrete] 
@@ -49,7 +62,6 @@ The CSPM integration requires access to AWS's built-in https://docs.aws.amazon.c For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below. -NOTE: beta:[] Agentless deployments support two authentication methods: <> and <>. [discrete] [[cspm-set-up-cloudformation]] diff --git a/docs/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/cloud-native-security/cspm-get-started-azure.asciidoc index 101a8e2ffc..887a572dc8 100644 --- a/docs/cloud-native-security/cspm-get-started-azure.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-azure.asciidoc @@ -31,6 +31,18 @@ This page explains how to get started monitoring the security posture of your cl You can set up CSPM for Azure by by enrolling an Azure organization (management group) containing multiple subscriptions, or by enrolling a single subscription. Either way, first add the CSPM integration, then enable cloud account access. +[discrete] +[[cspm-azure-agentless]] +== Agentless deployment option +beta::[] + +The steps to create an agentless deployment are similar to those to create an agent-based deployment. To deploy using agentless technology, follow the instructions below with the following modifications: + +. On the **Add Cloud Security Posture Management (CSPM) integration** page, after you name your integration and give it a description, click **Advanced options** then select **Agentless (BETA)**. +. Once you've selected **Agentless (BETA)**, you'll need to authenticate to Azure. Agentless Azure deployments support authentication via the <> method described below. +. Once you've selected an authentication method and provided any necessary credentials, click **Save and continue** to finish deployment. + + [discrete] [[cspm-add-and-name-integration-azure]] === Add your CSPM integration 
diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc index dec49e4ccc..fc90860f72 100644 --- a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc @@ -30,6 +30,20 @@ This page explains how to get started monitoring the security posture of your GC You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. +[discrete] +[[cspm-gcp-agentless]] +== Agentless deployment option +beta::[] + +The steps to create an agentless deployment are similar to those to create an agent-based deployment. To deploy using agentless technology, follow the instructions below with the following modifications: + +. On the **Add Cloud Security Posture Management (CSPM) integration** page, after you name your integration and give it a description, click **Advanced options** then select **Agentless (BETA)**. +. Once you've selected **Agentless (BETA)**, click **Steps to Generate GCP Account Credentials** under **Setup Access**. Follow the instructions that appear to generate the necessary GCP credentials. +. Once you've entered your credentials under **Credentials json**, click **Save and continue** to deploy your integration. + +[discrete] +[[cspm-gcp-agent-based]] +== Agent-based deployment [discrete] [[cspm-add-and-name-integration-gcp]] diff --git a/docs/cloud-native-security/cspm.asciidoc b/docs/cloud-native-security/cspm.asciidoc index 6ffeb3a1c7..532f2efe3e 100644 --- a/docs/cloud-native-security/cspm.asciidoc +++ b/docs/cloud-native-security/cspm.asciidoc 
@@ -3,7 +3,7 @@ The Cloud Security Posture Management (CSPM) feature discovers and evaluates the services in your cloud environment — like storage, compute, IAM, and more — against configuration security guidelines defined by the https://www.cisecurity.org/[Center for Internet Security] (CIS) to help you identify and remediate risks that could undermine the confidentiality, integrity, and availability of your cloud data. -This feature currently supports Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. For step-by-step getting started guides, refer to <>, <>, or <>. +This feature currently supports agentless and agent-based deployments on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. For step-by-step getting started guides, refer to <>, <>, or <>. .Requirements [sidebar] diff --git a/docs/getting-started/agentless-integrations.asciidoc b/docs/getting-started/agentless-integrations.asciidoc index 2cf2a446e3..d0aab1c39a 100644 --- a/docs/getting-started/agentless-integrations.asciidoc +++ b/docs/getting-started/agentless-integrations.asciidoc @@ -1,3 +1,10 @@ [[agentless-integrations]] = Agentless integrations +beta::[] + +Agentless integrations provide a means to ingest data while avoiding the orchestration, management, and maintenance needs associated with standard ingest infrastructure. Using agentless integrations makes manual agent deployment unnecessary, allowing you to focus on your data instead of the agent that collects it. + +We currently support one agentless integration: cloud security posture management (CSPM). Using this integration's agentless deployment option, you can enable Elastic's CSPM capabilities just by providing the necessary credentials. Agentless CSPM deployments support AWS, Azure, and GCP accounts. + +To learn more about agentless CSPM deployments, refer to the getting started guides for CSPM on <>, <>, or <>. \ No newline at end of file 
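Review bot: The agentless steps added to the AWS, Azure and GCP guides in PATCH 08/10 tell the reader to click **Advanced options**, but PATCH 04/10 left `cspm-get-started.mdx` saying **Advanced settings**, and this patch does not touch the serverless file. Confirm which label the UI shows and use it in both doc sets.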
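Review bot: In `agentless-integrations.asciidoc`, the sentence "you can enable Elastic's CSPM capabilities just by providing the necessary credentials" does not say what those credentials must be allowed to do. The AWS guide in this series states that the integration needs the `SecurityAudit` IAM policy; a short pointer here to the per-provider permission requirements would let readers scope the credentials before they enter them. The file also ends with `\ No newline at end of file`; add the trailing newline.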
From d45719bf4d8fc75b68905a1a05835ed8ae51d4fb Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Tue, 22 Oct 2024 16:48:36 -0700 Subject: [PATCH 09/10] Expand steps within the relevant sections --- .../cspm-get-started-aws.asciidoc | 41 +++++++++++-------- .../cspm-get-started-azure.asciidoc | 21 ++++++---- .../cspm-get-started-gcp.asciidoc | 18 ++++---- 3 files changed, 47 insertions(+), 33 deletions(-) diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 86f465ec2b..29320f089b 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc 
@@ -28,18 +28,23 @@ This page explains how to get started monitoring the security posture of your cl [[cspm-setup]] == Set up CSPM for AWS -You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. +You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. Two deployments technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. [discrete] [[cspm-aws-agentless]] -== Agentless deployment option +== Agentless deployment beta::[] -The steps to create an agentless deployment are similar to those to create an agent-based deployment. To deploy using agentless technology, follow the instructions below with the following modifications: - -. On the **Add Cloud Security Posture Management (CSPM) integration** page, after you name your integration and give it a description, click **Advanced options** then select **Agentless (BETA)**. -. Once you've selected **Agentless (BETA)**, you'll need to authenticate to AWS. Agentless AWS deployments support authentication via <>, and by two manual authentication methods: <> and <>. -. Once you've selected an authentication method and provided any necessary credentials, click **Save and continue** to finish deployment. +. From the Elastic Security *Get started* page, click *Add integrations*. +. Search for `CSPM`, then click on the result. +. Click *Add Cloud Security Posture Management (CSPM)*. +. 
Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account. +. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. +. Click **Advanced options** then select **Agentless (BETA)**. +. Next, you'll need to authenticate to AWS. Two methods are available: +.. Option 1: Direct access keys / CloudFormation (Recommended). Under **Preferred method** select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the instructions that appear to automatically create the necessary credentials using CloudFormation. +.. Option 2: Temporary keys. To authenticate using temporary keys, refer to the instructions for <>. +. Once you've selected an authentication method and provided all necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. [discrete] [[cspm-aws-agent-based]] @@ -47,7 +52,7 @@ The steps to create an agentless deployment are similar to those to create an ag [discrete] [[cspm-add-and-name-integration]] -== Add the CSPM integration +=== Add the CSPM integration . From the Elastic Security *Get started* page, click *Add integrations*. . Search for `CSPM`, then click on the result. . Click *Add Cloud Security Posture Management (CSPM)*. 
@@ -57,7 +62,7 @@ The steps to create an agentless deployment are similar to those to create an ag [discrete] [[cspm-set-up-cloud-access-section]] -== Set up cloud account access +=== Set up cloud account access The CSPM integration requires access to AWS's built-in https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor[`SecurityAudit` IAM policy] in order to discover and evaluate resources in your cloud account. There are several ways to provide access. For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below. @@ -84,7 +89,7 @@ When you return to {kib}, click *View assets* to review the data being collected [discrete] [[cspm-setup-organization-manual]] -== Manual authentication for organization-level onboarding +=== Manual authentication for organization-level onboarding NOTE: If you're onboarding a single account instead of an organization, skip this section. @@ -184,7 +189,7 @@ IMPORTANT: When deploying to an organization using any of the authentication met [discrete] [[cspm-set-up-manual]] -== Manual authentication methods +=== Manual authentication methods * <> * <> @@ -196,7 +201,7 @@ IMPORTANT: Whichever method you use to authenticate, make sure AWS’s built-in [discrete] [[cspm-use-instance-role]] -=== Option 1 - Default instance role +==== Option 1 - Default instance role NOTE: If you are deploying to an AWS organization instead of an AWS account, you should already have <>, `cloudbeat-root`. Skip to step 2 "Attach your new IAM role to an EC2 instance", and attach this role. You can use either an existing or new EC2 instance. 
@@ -224,11 +229,11 @@ image::images/cspm-aws-auth-3.png[The EC2 page in AWS, showing the Modify IAM ro .. Click *Update IAM role*. .. Return to {kib} and <>. -IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role*. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click *Save and continue*. +IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role*. Leave **Role ARN** empty for agentless deployments. For agent-based deployments, leave it empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click *Save and continue*. [discrete] [[cspm-use-keys-directly]] -=== Option 2 - Direct access keys +==== Option 2 - Direct access keys Access keys are long-term credentials for an IAM user or AWS account root user. To use access keys as credentials, you must provide the `Access key ID` and the `Secret Access Key`. After you provide credentials, <>. For more details, refer to https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html[Access Keys and Secret Access Keys]. 
@@ -237,7 +242,7 @@ IMPORTANT: You must select *Programmatic access* when creating the IAM user. [discrete] [[cspm-use-temp-credentials]] -=== Option 3 - Temporary security credentials +==== Option 3 - Temporary security credentials You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a session token, which is typically found using `GetSessionToken`. Because temporary security credentials are short term, once they expire, you will need to generate new ones and manually update the integration's configuration to continue collecting cloud posture data. Update the credentials before they expire to avoid data loss. @@ -261,7 +266,7 @@ After you provide credentials, <>. [discrete] [[cspm-use-a-shared-credentials-file]] -=== Option 4 - Shared credentials file +==== Option 4 - Shared credentials file If you use different AWS credentials for different tools or applications, you can use profiles to define multiple access keys in the same configuration file. For more details, refer to AWS' https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html[Shared Credentials Files] documentation. Instead of providing the `Access key ID` and `Secret Access Key` to the integration, provide the information required to locate the access keys within the shared credentials file: 
@@ -280,14 +285,14 @@ After providing credentials, <>. [discrete] [[cspm-use-iam-arn]] -=== Option 5 - IAM role Amazon Resource Name (ARN) +==== Option 5 - IAM role Amazon Resource Name (ARN) An IAM role Amazon Resource Name (ARN) is an IAM identity that you can create in your AWS account. You define the role's permissions. Roles do not have standard long-term credentials such as passwords or access keys. Instead, when you assume a role, it provides temporary security credentials for your session. To use an IAM role ARN, select *Assume role* under *Preferred manual method*, enter the ARN, and continue to Finish manual setup. [discrete] [[cspm-finish-manual]] -== Finish manual setup +=== Finish manual setup Once you’ve provided AWS credentials, under *Where to add this integration*: If you want to monitor an AWS account or organization where you have not yet deployed {agent}: diff --git a/docs/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/cloud-native-security/cspm-get-started-azure.asciidoc index 887a572dc8..caf298b48b 100644 --- a/docs/cloud-native-security/cspm-get-started-azure.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-azure.asciidoc 
@@ -28,20 +28,25 @@ This page explains how to get started monitoring the security posture of your cl [[cspm-setup-azure]] == Set up CSPM for Azure -You can set up CSPM for Azure by by enrolling an Azure organization (management group) containing multiple subscriptions, or by enrolling a single subscription. Either way, first add the CSPM integration, then enable cloud account access. - +You can set up CSPM for Azure by by enrolling an Azure organization (management group) containing multiple subscriptions, or by enrolling a single subscription. Either way, first add the CSPM integration, then enable cloud account access. Two deployments technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. [discrete] [[cspm-azure-agentless]] -== Agentless deployment option +== Agentless deployment beta::[] -The steps to create an agentless deployment are similar to those to create an agent-based deployment. To deploy using agentless technology, follow the instructions below with the following modifications: - -. On the **Add Cloud Security Posture Management (CSPM) integration** page, after you name your integration and give it a description, click **Advanced options** then select **Agentless (BETA)**. -. Once you've selected **Agentless (BETA)**, you'll need to authenticate to Azure. Agentless Azure deployments support authentication via the <> method described below. -. Once you've selected an authentication method and provided any necessary credentials, click **Save and continue** to finish deployment. +. From the Elastic Security *Get started* page, click *Add integrations*. +. Search for `CSPM`, then click on the result. +. Click *Add Cloud Security Posture Management (CSPM)*. +. 
Select *Azure*, then either *Azure Organization* to onboard your whole organization, or *Single Subscription* to onboard an individual subscription. +. Give your integration a name that matches the purpose or team of the Azure subscription/organization you want to monitor, for example, `dev-azure-account`. +. Click **Advanced options** then select **Agentless (BETA)**. +. Next, you'll need to authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to <>. +. Once you've provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. +[discrete] +[[cspm-azure-agent-based]] +== Agent-based deployment [discrete] [[cspm-add-and-name-integration-azure]] diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc index fc90860f72..9a76382747 100644 --- a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc 
@@ -26,20 +26,24 @@ This page explains how to get started monitoring the security posture of your GC [discrete] [[cspm-setup-gcp]] -== Initial setup +== Set up CSPM for GCP -You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. +You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. Two deployments technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. [discrete] [[cspm-gcp-agentless]] -== Agentless deployment option +== Agentless deployment beta::[] -The steps to create an agentless deployment are similar to those to create an agent-based deployment. To deploy using agentless technology, follow the instructions below with the following modifications: +. From the Elastic Security *Get started* page, click *Add integrations*. +. Search for `CSPM`, then click on the result. +. Click *Add Cloud Security Posture Management (CSPM)*. +. Select *GCP*, then either *GCP Organization* to onboard your whole organization, or *Single Account* to onboard an individual account. +. Give your integration a name that matches the purpose or team of the GCP subscription/organization you want to monitor, for example, `dev-gcp-account`. +. Click **Advanced options** then select **Agentless (BETA)**. +. Next, you'll need to authenticate to GCP. Expand the **Steps to Generate GCP Account Credentials** section, then follow the instructions that appear to automatically create the necessary credentials using Google Cloud Shell. +. 
Once you've provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. -. On the **Add Cloud Security Posture Management (CSPM) integration** page, after you name your integration and give it a description, click **Advanced options** then select **Agentless (BETA)**. -. Once you've selected **Agentless (BETA)**, click **Steps to Generate GCP Account Credentials** under **Setup Access**. Follow the instructions that appear to generate the necessary GCP credentials. -. Once you've entered your credentials under **Credentials json**, click **Save and continue** to deploy your integration. [discrete] [[cspm-gcp-agent-based]] From 8a7639128963b9a320811f5fc42df8eda898093b Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Thu, 24 Oct 2024 11:36:35 -0700 Subject: [PATCH 10/10] Adds serverless updates --- .../cspm-get-started-aws.asciidoc | 4 +- .../cspm-get-started-azure.asciidoc | 2 +- .../cspm-get-started-gcp.asciidoc | 2 +- .../cspm-get-started-azure.mdx | 21 +++++++- .../cspm-get-started-gcp.mdx | 22 +++++++- .../cspm-get-started.mdx | 50 ++++++++++++------- .../serverless/cloud-native-security/cspm.mdx | 2 +- .../ingest/agentless-integrations.mdx | 14 ++++++ .../serverless-security.docnav.json | 3 ++ 9 files changed, 93 insertions(+), 27 deletions(-) create mode 100644 docs/serverless/ingest/agentless-integrations.mdx diff --git a/docs/cloud-native-security/cspm-get-started-aws.asciidoc b/docs/cloud-native-security/cspm-get-started-aws.asciidoc index 29320f089b..3531051506 100644 --- a/docs/cloud-native-security/cspm-get-started-aws.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-aws.asciidoc 
@@ -28,7 +28,7 @@ This page explains how to get started monitoring the security posture of your cl [[cspm-setup]] == Set up CSPM for AWS -You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. Two deployments technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. +You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. [discrete] [[cspm-aws-agentless]] 
@@ -229,7 +229,7 @@ image::images/cspm-aws-auth-3.png[The EC2 page in AWS, showing the Modify IAM ro .. Click *Update IAM role*. .. Return to {kib} and <>. -IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the *Setup Access* section, select *Assume role*. Leave **Role ARN** empty for agentless deployments. For agent-based deployments, leave it empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click *Save and continue*. +IMPORTANT: Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in {kib}, in the **Setup Access* section, select *Assume role**. Leave **Role ARN** empty for agentless deployments. For agent-based deployments, leave it empty unless you want to specify a role the {agent} should assume instead of the default role for your EC2 instance. Click **Save and continue**. [discrete] [[cspm-use-keys-directly]] diff --git a/docs/cloud-native-security/cspm-get-started-azure.asciidoc b/docs/cloud-native-security/cspm-get-started-azure.asciidoc index caf298b48b..95a6cbaaad 100644 --- a/docs/cloud-native-security/cspm-get-started-azure.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-azure.asciidoc 
@@ -28,7 +28,7 @@ This page explains how to get started monitoring the security posture of your cl [[cspm-setup-azure]] == Set up CSPM for Azure -You can set up CSPM for Azure by by enrolling an Azure organization (management group) containing multiple subscriptions, or by enrolling a single subscription. Either way, first add the CSPM integration, then enable cloud account access. Two deployments technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. +You can set up CSPM for Azure by by enrolling an Azure organization (management group) containing multiple subscriptions, or by enrolling a single subscription. Either way, first add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. [discrete] [[cspm-azure-agentless]] diff --git a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc index 9a76382747..66337961c0 100644 --- a/docs/cloud-native-security/cspm-get-started-gcp.asciidoc +++ b/docs/cloud-native-security/cspm-get-started-gcp.asciidoc 
@@ -28,7 +28,7 @@ This page explains how to get started monitoring the security posture of your GC [[cspm-setup-gcp]] == Set up CSPM for GCP -You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. Two deployments technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. +You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless, and agent-based. <> allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. <> requires you to deploy and manage an agent in the cloud account you want to monitor. [discrete] [[cspm-gcp-agentless]] diff --git a/docs/serverless/cloud-native-security/cspm-get-started-azure.mdx b/docs/serverless/cloud-native-security/cspm-get-started-azure.mdx index 3a7d056a4b..711ebbf6fd 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started-azure.mdx +++ b/docs/serverless/cloud-native-security/cspm-get-started-azure.mdx 
@@ -31,7 +31,26 @@ This page explains how to get started monitoring the security posture of your cl ## Set up CSPM for Azure -You can set up CSPM for Azure by by enrolling an Azure organization (management group) containing multiple subscriptions, or by enrolling a single subscription. Either way, first add the CSPM integration, then enable cloud account access. +You can set up CSPM for Azure by by enrolling an Azure organization (management group) containing multiple subscriptions, or by enrolling a single subscription. Either way, first add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless, and agent-based. Agentless deployment allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. Agent-based deployment requires you to deploy and manage an agent in the cloud account you want to monitor. + +
+ +## Agentless deployment + + +. From the Elastic Security **Get started** page, click **Add integrations**. +. Search for `CSPM`, then click on the result. +. Click **Add Cloud Security Posture Management (CSPM)**. +. Select **Azure**, then either **Azure Organization** to onboard your whole organization, or **Single Subscription** to onboard an individual subscription. +. Give your integration a name that matches the purpose or team of the Azure subscription/organization you want to monitor, for example, `dev-azure-account`. +. Click **Advanced options** then select **Agentless (BETA)**. +. Next, you'll need to authenticate to Azure by providing a **Client ID**, **Tenant ID**, and **Client Secret**. To learn how to generate them, refer to Service principal with client secret . +. Once you've provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. + +
+ +## Agent-based deployment +
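Review bot: The eight steps added under `## Agentless deployment` in cspm-get-started-azure.mdx use the AsciiDoc list marker `. `, which Markdown does not recognise as an ordered list, so they will not render as numbered steps. Number them `1.` the way the GCP serverless page in this same patch does. The rewritten intro line in this hunk also still reads "by by enrolling an Azure organization"; drop the repeated word while the sentence is being edited.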
diff --git a/docs/serverless/cloud-native-security/cspm-get-started-gcp.mdx b/docs/serverless/cloud-native-security/cspm-get-started-gcp.mdx index a72b65a3b7..935b5f1cfd 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started-gcp.mdx +++ b/docs/serverless/cloud-native-security/cspm-get-started-gcp.mdx @@ -29,9 +29,27 @@ This page explains how to get started monitoring the security posture of your cl
-## Initial setup +## Set up CSPM for GCP -You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. +You can set up CSPM for GCP either by enrolling a single project, or by enrolling an organization containing multiple projects. Either way, you need to first add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless, and agent-based. Agentless deployment allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. Agent-based deployment requires you to deploy and manage an agent in the cloud account you want to monitor. + +
+ +## Agentless deployment + + +1. From the Elastic Security *Get started* page, click *Add integrations*. +1. Search for `CSPM`, then click on the result. +1. Click **Add Cloud Security Posture Management (CSPM)**. +1. Select **GCP**, then either **GCP Organization** to onboard your whole organization, or **Single Account** to onboard an individual account. +1. Give your integration a name that matches the purpose or team of the GCP subscription/organization you want to monitor, for example, `dev-gcp-account`. +1. Click **Advanced options** then select **Agentless (BETA)**. +1. Next, you'll need to authenticate to GCP. Expand the **Steps to Generate GCP Account Credentials** section, then follow the instructions that appear to automatically create the necessary credentials using Google Cloud Shell. +1. Once you've provided the necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. + +
+ +## Agent-based deployment
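Review bot: Step 1 of the new agentless list in cspm-get-started-gcp.mdx wraps the UI labels in single asterisks (`*Get started*`, `*Add integrations*`), which Markdown renders as italic, while steps 3 to 8 use `**bold**` for the same kind of label; use double asterisks throughout. Step 5 also says "GCP subscription/organization", although the intro in this hunk speaks of enrolling a single project and step 4 offers **Single Account**. "Subscription" reads as carried over from the Azure page, so replace it with the term the GCP flow actually uses.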
diff --git a/docs/serverless/cloud-native-security/cspm-get-started.mdx b/docs/serverless/cloud-native-security/cspm-get-started.mdx index 8b935e8148..52ab7c8432 100644 --- a/docs/serverless/cloud-native-security/cspm-get-started.mdx +++ b/docs/serverless/cloud-native-security/cspm-get-started.mdx @@ -31,32 +31,44 @@ This page explains how to get started monitoring the security posture of your cl ## Set up CSPM for AWS -You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. +You can set up CSPM for AWS either by enrolling a single cloud account, or by enrolling an organization containing multiple accounts. Either way, first you will add the CSPM integration, then enable cloud account access. Two deployment technologies are available: agentless, and agent-based. Agentless deployment allows you to collect cloud posture data without having to manage the deployment of an agent in your cloud. Agent-based deployment requires you to deploy and manage an agent in the cloud account you want to monitor. + +
+ +## Agentless deployment + + +. From the Elastic Security *Get started* page, click *Add integrations*. +. Search for `CSPM`, then click on the result. +. Click *Add Cloud Security Posture Management (CSPM)*. +. Select *AWS*, then either *AWS Organization* to onboard multiple accounts, or *Single Account* to onboard an individual account. +. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. +. Click **Advanced options** then select **Agentless (BETA)**. +. Next, you'll need to authenticate to AWS. Two methods are available: +.. Option 1: Direct access keys / CloudFormation (Recommended). Under **Preferred method** select **Direct access keys**. Expand the **Steps to Generate AWS Account Credentials** section, then follow the instructions that appear to automatically create the necessary credentials using CloudFormation. +.. Option 2: Temporary keys. To authenticate using temporary keys, refer to the instructions for Temporary keys +. Once you've selected an authentication method and provided all necessary credentials, click **Save and continue** to finish deployment. Your data should start to appear within a few minutes. + +
+ +## Agent-based deployment
-## Add the CSPM integration +### Add the CSPM integration 1. From the Elastic Security **Get started** page, click **Add integrations**. 1. Search for `CSPM`, then click on the result. 1. Click **Add Cloud Security Posture Management (CSPM)**. 1. Select **AWS**, then either **AWS Organization** to onboard multiple accounts, or **Single Account** to onboard an individual account. 1. Give your integration a name that matches the purpose or team of the AWS account/organization you want to monitor, for example, `dev-aws-account`. -1. (Optional) Click **Advanced settings** to deploy the integration using agentless technology. -
-## Set up cloud account access +### Set up cloud account access The CSPM integration requires access to AWS's built-in [`SecurityAudit` IAM policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_job-functions.html#jf_security-auditor) in order to discover and evaluate resources in your cloud account. There are several ways to provide access. For most use cases, the simplest option is to use AWS CloudFormation to automatically provision the necessary resources and permissions in your AWS account. This method, as well as several manual options, are described below. - - Agentless deployments support two authentication methods: -Direct access keys and Temporary keys. - - -
### CloudFormation (recommended) @@ -185,7 +197,7 @@ When deploying to an organization using any of the authentication methods below,
-## Manual authentication methods +### Manual authentication methods * Default instance role (recommended) * Direct access keys @@ -199,7 +211,7 @@ Whichever method you use to authenticate, make sure AWS’s built-in [`SecurityA
-### Option 1 - Default instance role +#### Option 1 - Default instance role If you are deploying to an AWS organization instead of an AWS account, you should already have created a new role, `cloudbeat-root`. Skip to step 2 "Attach your new IAM role to an EC2 instance", and attach this role. You can use either an existing or new EC2 instance. @@ -230,12 +242,12 @@ Follow AWS's [IAM roles for Amazon EC2](https://docs.aws.amazon.com/AWSEC2/lates 1. Return to ((kib)) and finish manual setup. -Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in Kibana, in the **Setup Access** section, select **Assume role**. Leave **Role ARN** empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click **Save and continue**. +Make sure to deploy the CSPM integration to this EC2 instance. When completing setup in ((kib)), in the **Setup Access** section, select **Assume role**. Leave **Role ARN** empty for agentless deployments. For agent-based deployments, leave it empty unless you want to specify a role the ((agent)) should assume instead of the default role for your EC2 instance. Click **Save and continue**.
-### Option 2 - Direct access keys +#### Option 2 - Direct access keys Access keys are long-term credentials for an IAM user or AWS account root user. To use access keys as credentials, you must provide the `Access key ID` and the `Secret Access Key`. After you provide credentials, finish manual setup. For more details, refer to [Access Keys and Secret Access Keys](https://docs.aws.amazon.com/general/latest/gr/aws-sec-cred-types.html). @@ -246,8 +258,8 @@ You must select **Programmatic access** when creating the IAM user.
-### Option 3 - Temporary security credentials -You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a security token, which is typically found using `GetSessionToken`. +#### Option 3 - Temporary security credentials +You can configure temporary security credentials in AWS to last for a specified duration. They consist of an access key ID, a secret access key, and a session token, which is typically found using `GetSessionToken`. Because temporary security credentials are short term, once they expire, you will need to generate new ones and manually update the integration's configuration to continue collecting cloud posture data. Update the credentials before they expire to avoid data loss. @@ -271,7 +283,7 @@ After you provide credentials, -### Option 4 - Shared credentials file +#### Option 4 - Shared credentials file If you use different AWS credentials for different tools or applications, you can use profiles to define multiple access keys in the same configuration file. For more details, refer to AWS' [Shared Credentials Files](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html) documentation. Instead of providing the `Access key ID` and `Secret Access Key` to the integration, provide the information required to locate the access keys within the shared credentials file: 
@@ -290,7 +302,7 @@ After providing credentials, -### Option 5 - IAM role Amazon Resource Name (ARN) +#### Option 5 - IAM role Amazon Resource Name (ARN) An IAM role Amazon Resource Name (ARN) is an IAM identity that you can create in your AWS account. You define the role's permissions. Roles do not have standard long-term credentials such as passwords or access keys. Instead, when you assume a role, it provides temporary security credentials for your session. To use an IAM role ARN, select **Assume role** under **Preferred manual method**, enter the ARN, and continue to Finish manual setup. diff --git a/docs/serverless/cloud-native-security/cspm.mdx b/docs/serverless/cloud-native-security/cspm.mdx index 6c57adf859..f14a6ec611 100644 --- a/docs/serverless/cloud-native-security/cspm.mdx +++ b/docs/serverless/cloud-native-security/cspm.mdx @@ -11,7 +11,7 @@ status: in review The Cloud Security Posture Management (CSPM) feature discovers and evaluates the services in your cloud environment — like storage, compute, IAM, and more — against configuration security guidelines defined by the [Center for Internet Security](https://www.cisecurity.org/) (CIS) to help you identify and remediate risks that could undermine the confidentiality, integrity, and availability of your cloud data. -This feature currently supports Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. For step-by-step getting started guides, refer to Get started with CSPM for AWS, Get started with CSPM for GCP, or Get started with CSPM for Azure. +This feature currently supports agentless and agent-based deployments on Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure. For step-by-step getting started guides, refer to Get started with CSPM for AWS, Get started with CSPM for GCP, or Get started with CSPM for Azure. 
diff --git a/docs/serverless/ingest/agentless-integrations.mdx b/docs/serverless/ingest/agentless-integrations.mdx new file mode 100644 index 0000000000..4d72f57bfd --- /dev/null +++ b/docs/serverless/ingest/agentless-integrations.mdx @@ -0,0 +1,14 @@ +--- +slug: /serverless/security/agentless-integrations +title: Agentless integrations +description: Ingest data without deploying and managing an agent. +tags: [ 'serverless', 'security', 'overview' ] +status: in review +--- + + +Agentless integrations provide a means to ingest data while avoiding the orchestration, management, and maintenance needs associated with standard ingest infrastructure. Using agentless integrations makes manual agent deployment unnecessary, allowing you to focus on your data instead of the agent that collects it. + +We currently support one agentless integration: cloud security posture management (CSPM). Using this integration's agentless deployment option, you can enable Elastic's CSPM capabilities just by providing the necessary credentials. Agentless CSPM deployments support AWS, Azure, and GCP accounts. + +To learn more about agentless CSPM deployments, refer to Get started with CSPM for AWS, Get started with CSPM for GCP, or Get started with CSPM for Azure. \ No newline at end of file diff --git a/docs/serverless/serverless-security.docnav.json b/docs/serverless/serverless-security.docnav.json index 72b13a523e..188ed03a2d 100644 --- a/docs/serverless/serverless-security.docnav.json +++ b/docs/serverless/serverless-security.docnav.json @@ -83,6 +83,9 @@ }, { "slug": "/serverless/security/automatic-import" + }, + { + "slug": "/serverless/security/agentless-integrations" } ] },
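Review bot: In the `@@ -229,7 +229,7 @@` hunk of cspm-get-started-aws.asciidoc (patch 10/10), the new IMPORTANT line has unbalanced bold markers: `**Setup Access*` opens with two asterisks and closes with one, and `*Assume role**` does the reverse, so the labels will not render as two separate bold terms. Write them as `**Setup Access**` and `**Assume role**`, matching `**Role ARN**` and `**Save and continue**` on the same line. The `((agent))` to `{agent}` change on that line is consistent with the `{kib}` and `{agent}` attributes used elsewhere in the file.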
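Review bot: The `@@ -28,7 +28,7 @@` hunk of cspm-get-started-azure.asciidoc (patch 10/10) rewrites the intro sentence only to fix "deployments technologies" and leaves "by by enrolling an Azure organization" in the new line. Remove the duplicated "by" in the same edit so the sentence does not need a third pass.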
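Review bot: In the `@@ -31,32 +31,44 @@` hunk of cspm-get-started.mdx, the new agentless steps use AsciiDoc markers (`. ` for steps and `.. ` for the two authentication options) and single-asterisk emphasis in steps 1 to 4, none of which render as intended in an .mdx file. Convert them to `1.` items with the two options as an indented sub-list, and use `**` for UI labels as the agent-based list lower in the same hunk does. The "Option 2: Temporary keys" item also ends without a period. Since step 6 says **Advanced options** while the removed agent-based step said **Advanced settings**, confirm which label the UI shows and use it consistently across the AWS pages.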
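Review bot: The new docs/serverless/ingest/agentless-integrations.mdx is committed without a trailing newline (`\ No newline at end of file`); end the file with one so the next edit does not show a spurious change on the last line. The overview also presents agentless CSPM without mentioning its beta status, while the setup steps it points to select **Agentless (BETA)** and the AsciiDoc pages carry `beta::[]`; add a beta note here so the landing page does not overstate maturity.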