
Lumeta now offers a DisruptOps/AWS integration, which replaces the Lumeta CloudVisibility engine.  

DisruptOps is a cloud security operations platform to monitor, alert and respond to security risk across your public cloud infrastructure. 


Prerequisite

To use this feature, you must have the DisruptOps platform deployed in your AWS environment. For guidance, open a Support ticket (lumetasupport@firemon.com) and request Disrupt:Ops. FireMon Support will respond with implementation steps and login credentials, and will also help you deploy the necessary CloudFormation stack.

Configuration

  1. To configure this new integration, browse to Settings > Integrations > Disrupt:Ops and click Configure.
  2. Complete the form, supplying your Disrupt:Ops credentials as the Username and Password (not your AWS credentials).
  3. As shown in the screenshot, your firewall ACL rules must allow Lumeta to reach the following URLs over TCP port 443:
    1. https://api.prod.disruptops.com/auth/login
    2. https://graph.prod.disruptops.com/graphql
    3. https://graph-v3.prod.disruptops.com/graphql


Lumeta considers the following factors when calculating Security Group violations:

  1. Instances that have been deployed from images that are in either a white list or a black list.
    • You have an image that is not in the white list.
    • You have an image that is in the black list.
  2. Ports and protocols that are in either a white list or a black list.
    • You have a port / protocol that is not in the white list.
    • You have a port / protocol that is in the black list.
  3. IPv4 / IPv6 addresses that are in either a white list or a black list. Bear in mind that IP address blocks are not sliced: if a /8 is specified in the black list and a /24 within that /8 is in the white list, an IP address in that /24 will still appear as a black list risk.
    • You have an IPv4 / IPv6 address that is not in the white list.
    • You have an IPv4 / IPv6 address that is in the black list.
  4. A wildcard in a Security Group.
  5. An IPv4 mask that is too large for a Security Group.
  6. Src/Dest checks disabled on an instance.
  7. An inbound/outbound path to the public internet (direct and indirect).
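The following Python snippet is an added illustration of how the list-based factors above combine for one Security Group rule entry; it is not Lumeta's or DisruptOps' code. The white list, black list, wildcard and "/16 mask threshold" values are constructed assumptions for the example. It shows the non-slicing behaviour from factor 3: a /24 that is white listed still reports a black list hit when a /8 containing it is black listed.

```python
import ipaddress

# Constructed sample lists (assumptions for this example; the page names the factor types only).
BLACKLIST_CIDRS = [ipaddress.ip_network(c) for c in ("10.0.0.0/8",)]
WHITELIST_CIDRS = [ipaddress.ip_network(c) for c in ("10.20.30.0/24", "192.0.2.0/24")]
BLACKLIST_PORTS = {(23, "tcp")}
WHITELIST_PORTS = {(22, "tcp"), (443, "tcp")}
WILDCARDS = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}
MIN_IPV4_PREFIX = 16  # assumption: an IPv4 mask shorter than /16 counts as "too large"


def _same_version(nets, net):
    """Only compare blocks of the same IP version (avoids v4/v6 TypeErrors)."""
    return [n for n in nets if n.version == net.version]


def check_cidr(cidr):
    """Findings for one CIDR in a Security Group rule.
    Blocks are not sliced: a black list hit stands even when a narrower
    white list entry also covers the block (the /8 vs /24 case in factor 3)."""
    net = ipaddress.ip_network(cidr, strict=False)
    if net in WILDCARDS:
        return ["wildcard in Security Group"]
    findings = []
    if net.version == 4 and net.prefixlen < MIN_IPV4_PREFIX:
        findings.append("IPv4 mask too large")
    if any(net.overlaps(b) for b in _same_version(BLACKLIST_CIDRS, net)):
        findings.append("IP block in black list")
    if not any(net.subnet_of(w) for w in _same_version(WHITELIST_CIDRS, net)):
        findings.append("IP block not in white list")
    return findings


def check_port(port, proto):
    """Findings for one port/protocol pair against the two lists."""
    key = (port, proto.lower())
    findings = []
    if key in BLACKLIST_PORTS:
        findings.append("port/protocol in black list")
    if key not in WHITELIST_PORTS:
        findings.append("port/protocol not in white list")
    return findings


def check_rule(cidr, port, proto):
    """Combine the list-based factors for one rule entry."""
    return check_cidr(cidr) + check_port(port, proto)


if __name__ == "__main__":
    for rule in (("10.20.30.0/24", 443, "tcp"), ("10.0.0.0/8", 23, "tcp"), ("0.0.0.0/0", 22, "tcp")):
        print(rule, "->", check_rule(*rule) or ["no finding"])
```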