CheckMates : Products : CloudMates Products : CNAPP : Re: CSPM unused assets
CSPM unused assets
Is there a way to generate a report to show assets in AWS/Azure that have not been used or touched for a period of time?
Hello Dankline,
We only check the configuration and metadata of the objects, so we will not see whether an application is running on an instance or what objects have been uploaded to an S3 bucket.
That said, we can enforce different lifecycle rules according to the status or the configuration of the different services:
Make sure that S3 buckets have lifecycle rules:
S3Bucket should have lifecycle.rules
Or ensure older objects are being deleted after a period of time:
S3Bucket should have lifecycle.rules contain [ expiration.days<=365 ]
Or sent to an archive bucket after a certain period of time:
S3Bucket should have lifecycle.rules with [ transition.storageClass='STANDARD_IA' and days<=180 ]
Or identify instances that have been running for more than a year:
Instance where (not tags with [ key='app' and value='prod' ]) and isRunning=true should not have launchTime before(-12, 'months')
Or users that have not connected to AWS in a period of time:
IamUser where passwordEnabled=true should not have passwordLastUsed before(-6,'months')
The GSL language is very powerful and allows customers to very easily translate their own configuration and lifecycle posture into rules that can be continuously enforced and monitored. Once the rules are created and added to a continuous policy, you can create reports or widgets to visualize the status of the lifecycle configuration policy.
Thank you, Gonzalo. Do we have a similar capability, using GSL in Azure? I'm interested in being able to identify VMs that are no longer being used, and orphaned vnets, etc. Is there GSL documentation that can help in crafting these rules?
Dan