Martins
Martins inside CloudGuard-Dome9 yesterday
views 126 5

Log.ic license

Hi,

How does the CloudGuard Log.ic license model work? I don't understand it just from looking at this image.

Thanks
Offir_Zigelman
inside CloudGuard-Dome9 yesterday
views 70
Employee+

Coming Up: Adding Granular Permissions to the Compliance Module

The Dome9 permissions model is evolving! We’re adding additional granular permissions for the Compliance-related features, allowing our customers to better define their Dome9 users and roles. The new permission model is scheduled for release on Wednesday, October 2nd.

Background

Dome9 allows you to define users and roles. The Dome9 permissions model includes the ability to specify the permissions to view data for specific Cloud Accounts and Organizational Units, and manage the Network Security permissions (create and manage Security Groups, as well as the ability to use Dynamic Access and IAM elevations).

The new capabilities we’re adding would allow you to better control the permissions of the Compliance Engine, and include:

- Add, edit or delete Rulesets
- Add, edit or delete notifications and integrations with external systems and control alerts actions
- Add, edit or delete Remediations
- Add, edit or delete Exclusions
- Acknowledge alerts, add comments, assign alerts to users and change alert severity
- Associate/disassociate Compliance Policy

How does this change affect us?

Dome9 permissions management screens - Roles screen and Users screen - would include additional permissions related to the Compliance Engine. Dome9 Super Users would be able to assign these new permissions to roles (or specific users directly). Users that do not include these permissions would not be able to perform the relevant actions (i.e. edit exclusions or acknowledge alerts).

These changes will affect the predefined “Auditor” role. Currently this role can perform many types of operations; when adding the new permissions, Dome9 users assigned to the predefined “Auditor” role will not be able to:

- Create or edit rulesets.
- Edit Notifications and Integrations with external systems.
- Edit Compliance Policies.
- Perform actions on alerts (edit Remediations, edit Exclusions, acknowledge alerts, add comments, assign alerts and change severity).

With that change, the predefined “Auditor” role would become an actual read-only role, and would be dedicated to auditing.

Note: No changes would be applied to the Super User role; it would still be able to perform any action.

What can I do to provide my users permissions for the actions they used to perform?

When the new permissions are introduced, it will be possible to choose which compliance-related actions your users would be able to perform. Here are a few suggestions for the new roles you can use or generate:

- For auditors that only observe and monitor, the updated “Auditor” role can be used.
- For users that also need to review alerts, process generated alerts and acknowledge them, a new role should be created, and it should include the “Alerts Configurations and Actions” permission.
- Users that modify compliance content (create or modify compliance rulesets) should be assigned the “Rulesets and Content” permission.
- Users that need to create notifications (send alert reports via emails, or other types of integrations such as AWS SNS, HTTP endpoints and more), as well as association of cloud accounts with compliance rulesets and notifications (“Continuous Compliance” policies), should be assigned the “Integrations and Notifications” permission.

Use a Super User to edit users and roles and assign the new permissions.

If you have any questions or need help, please reach out to Support here.
Offir_Zigelman
inside CloudGuard-Dome9 2 weeks ago
views 221 1
Employee+

New CloudGuard Dome9 Integration: Splunk

Dome9 now supports HTTP-based integration with Splunk, making it easy to send JSON-formatted alerts produced by the Compliance Engine to a Splunk HTTP Event Collector. Splunk is a data collection, monitoring, and analysis system. Many Dome9 customers use it as their security information and event management (SIEM) solution.

The new integration is very easy to set up. On the Dome9 side, the integration requires setting up a "notification policy" that includes an HTTP connector, and selecting the "Splunk - JSON" format. On the Splunk side, the integration requires setting up an "HTTP Event Collector".

A user guide for the integration is available in the Dome9 help guide. For more on Dome9 Alerts and Notifications see here. Information on the Splunk HTTP Event Collector is available in Splunk Dev.
Offir_Zigelman
inside CloudGuard-Dome9 2 weeks ago
views 191 2
Employee+

New CloudGuard Dome9 Feature: Permissions on Organizational Units

We're excited to announce we're enhancing our Role Based Access Control (RBAC) model. Today we added the ability to view/manage cloud accounts by associating users and roles with Organizational Units (OU).

Dome9 user management includes the ability to define access permissions. Each user or role can be restricted to specific cloud accounts managed by Dome9. The users can view data from specific cloud accounts on which they have "view" permissions, and manage settings (such as Security Groups definitions) in the cloud accounts on which they have "manage" permissions.

By introducing the new OU permissions, it is now possible to grant "view" or "manage" permissions to an entire OU. A user (or role) that was granted permissions to an OU would be allowed to view or manage all the cloud accounts associated with the OU and its descendants. This permission behavior is applied automatically to any cloud account that is being associated with the relevant OU.

Take a look at the new capabilities in our Administration Menu -> Users, and select "Organizational Units" under the "view" or "manage" sections. Same with Roles (Administration Menu -> Roles).

This is another part of our continuous effort to improve Dome9 user management and OU capabilities. Stay tuned for many new exciting RBAC and OU capabilities in the near future.
Offir_Zigelman
inside CloudGuard-Dome9 3 weeks ago
views 186
Employee+

CloudGuard Dome9 New Feature: View findings in assessment report by entity

Dome9 Compliance Assessment Report now includes the option to view the results grouped by Entity. Until now the Compliance Assessment Report showed the results grouped by Rules. For each rule it is possible to expand the rule view and see all the entities that failed the compliance tests. With this new capability it is now possible to view the results grouped by assets. Each entry is an asset that failed at least one test in the Ruleset. The expanded view presents all the rules that this entity failed on.
Offir_Zigelman
inside CloudGuard-Dome9 3 weeks ago
views 162
Employee+

CloudGuard Dome9 Feature Removal: Legacy Network Alerts

This is a notification that we will be removing support for legacy network alerts from the alerts console. This change will be made September 10th, 2019 from the Dome9 Alerts Console.

Some Background

Dome9 Network Alerts used to be generated by a legacy system that scanned for specific network-related issues (such as publicly exposed admin ports). These alerts were presented in the legacy alerts console (Administration -> Alerts -> System Alerts). In July 2018, we introduced the New Alerts Page. The new mechanism is based on the Compliance Engine, and provides a lot of benefits, including:

- Many additional alert types
- Customization and visibility into the tested logic
- Many new actions, including exclusions and applying automatic remediation
- Powerful filtering and export capabilities
- And much more.

When we introduced the new alerts mechanism we declared the deprecation of the legacy alerts. The process completes now with the complete removal of the legacy alerts.

How does this change affect us?

The legacy alerts mechanism would be removed from our systems. We will remove the network alerts that are currently stored and stop generating new legacy network alerts.

If you have not adopted the new alerts mechanism, please do so. For more information on the compliance-based alerts mechanism you can refer to the Dome9 documentation: https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Alerts-Notifications/Alerts-and-Notification.html

You can export the legacy network alerts from the “system alerts” screen using the “Export to CSV” button.

For help achieving this please reach out to Support here.
Offir_Zigelman
inside CloudGuard-Dome9 2019-08-22
views 274
Employee+

CloudGuard Dome9 Release Notes - New RSS Feed

The Dome9 Release Notes are now also available in a new RSS feed:  https://dome9-security.atlassian.net/wiki/spaces/createrssfeed.action?types=blogpost&spaces=RN&maxResults=15&title=CloudGuard+Dome9+Release+Notes Please subscribe to stay up to date with the latest releases.
Offir_Zigelman
inside CloudGuard-Dome9 2019-08-21
views 225
Employee+

New CloudGuard Dome9 Content: Azure CIS Foundations v.1.1.0 (and more)

August content release is here! Here are the highlights:

- New Ruleset: Azure CIS Foundations v.1.1.0
- Added 35 new rules for Azure
- Several changes and fixes to existing rules

For more details: https://dome9-security.atlassian.net/wiki/spaces/RN/pages/789348353/Cloud+Guard+Compliance+Updates
Offir_Zigelman
inside CloudGuard-Dome9 2019-08-15
views 258 1
Employee+

New CloudGuard Dome9 Entity: GCP Cloud SQL

We added support for GCP Cloud SQL in the Dome9 Compliance Engine and Inventory. Cloud SQL is a GCP managed database service that supports PostgreSQL, MySQL, and SQL Server. It is now possible to reason on Cloud SQL configurations such as replications and disk sizes; networking configurations like IP addresses; and security settings such as certificates and user access rights.

Sample GSL:

CloudSQL DB should not be publicly exposed
CloudSql should not have ipAddresses contain [ ipAddress isPublic() ]

Make sure auto backup is enabled
CloudSql should have settings.backupConfiguration.enabled

Note: retrieving data on CloudSQL requires additional permissions. Check the Dome9 GCP Onboarding for the new onboarding procedure, and the Cloud Accounts page for missing permissions notifications.
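
The two sample GSL rules above, restated as an added Python example (not part of the original post and not Dome9 code) that runs equivalent checks over constructed records shaped like Cloud SQL instance resources. The `is_public` helper is an assumed stand-in for GSL's `isPublic()`, and the instance names and addresses are made up.

```python
import ipaddress

# Constructed sample records: only the fields the two rules read.
SAMPLE_INSTANCES = [
    {"name": "orders-db",
     "ipAddresses": [{"type": "PRIMARY", "ipAddress": "34.68.10.20"}],
     "settings": {"backupConfiguration": {"enabled": True}}},
    {"name": "internal-db",
     "ipAddresses": [{"type": "PRIVATE", "ipAddress": "10.12.0.5"}],
     "settings": {"backupConfiguration": {"enabled": False}}},
    {"name": "legacy-db", "ipAddresses": [], "settings": {}},
]


def is_public(addr):
    """Assumed stand-in for GSL isPublic(): a globally routable address."""
    try:
        return ipaddress.ip_address(addr).is_global
    except ValueError:
        return False  # unparseable or missing value is not counted as public


def dig(obj, path):
    """Follow a dotted path such as settings.backupConfiguration.enabled."""
    for key in path.split("."):
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def evaluate(instance):
    """Return the titles of the rules this instance fails."""
    findings = []
    entries = instance.get("ipAddresses") or []
    # Rule 1: should not have ipAddresses contain [ ipAddress isPublic() ]
    if any(is_public(e.get("ipAddress")) for e in entries):
        findings.append("CloudSQL DB should not be publicly exposed")
    # Rule 2: should have settings.backupConfiguration.enabled
    # A missing backupConfiguration block fails the rule as well.
    if dig(instance, "settings.backupConfiguration.enabled") is not True:
        findings.append("Make sure auto backup is enabled")
    return findings


def scan(instances):
    """Map each instance name to its failed rules."""
    return {i["name"]: evaluate(i) for i in instances}


if __name__ == "__main__":
    for name, failed in scan(SAMPLE_INSTANCES).items():
        print(name, failed or "compliant")
```
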
Offir_Zigelman
inside CloudGuard-Dome9 2019-08-14
views 245
Employee+

New CloudGuard Dome9 Feature: Cloud Account 'invalid credentials' status

We added a new status in the "Status" filter for cloud accounts - "invalid credentials" - in the Cloud Accounts page. The new status is applicable for all the supported cloud platforms (AWS, Azure, GCP), and allows you to focus on accounts/subscriptions/projects that lost connectivity with Dome9.
axemte
axemte inside CloudGuard-Dome9 2019-08-13
views 256 1

Alert on Service Control Policy (SCP) modification in AWS

Would it be possible to do a check (and alert) on a Service Control Policy (SCP) modification in an AWS account being monitored?

Thanks,
Offir_Zigelman
inside CloudGuard-Dome9 2019-08-06
views 123
Employee+

New CloudGuard Log.ic feature: Filters in the graphs view

Log.ic live map view now provides enhanced filtering capabilities. The new filters allow you to focus on the interesting elements and connections and reduce the noise. The filters do not require changing the GSL logic. The filters include the asset classification (internal/external zones), focus on malicious IPs only, specific VPCs and more.
Offir_Zigelman
inside CloudGuard-Dome9 2019-07-31
views 657
Employee+

New CloudGuard Dome9 Feature: Send Compliance Findings as Zipped CSV

We added the option to send the compliance findings as a zipped email attachment. Until now the scheduled email reports supported the option to include the findings as a CSV file attachment. The file includes all "opened" findings. If the notification policy is associated with many cloud accounts, the report file can be very large, and was sometimes rejected by email systems. We had to limit the number of findings in the file. With the new option we zip the CSV file before attaching it to the email, reducing the file size significantly. As a result we can now send all the findings. You can find the new option in Compliance & Governance -> Notifications, under the Email scheduled report section.
Offir_Zigelman
inside CloudGuard-Dome9 2019-07-29
views 662
Employee+

New CloudGuard Dome9 Enhancements: Roles and Users screens

As part of our work to improve the Dome9 Users and Roles Management we enhanced the Users and Roles screens. We updated the screens to be aligned with the Dome9 UI guidelines and offer new capabilities, such as new filtering capabilities, sorting, export, and more.
Offir_Zigelman
inside CloudGuard-Dome9 2019-07-25
views 815 4
Employee+

New CloudGuard Dome9 Feature: Remediation in the UI

CloudGuard Dome9 now offers the option to configure Automatic Remediation from the UI.

What is Dome9 Auto-Remediation?

The Dome9 Auto-Remediation capabilities are based on CloudBots, an open source project that ensures your cloud environment is always protected. The CloudBots framework is deployed in your cloud environment, and is triggered by alerts information generated by the Dome9 Compliance Engine. The bots are pieces of code that fix the issue that caused the alert to be generated. For more information on CloudBots check the latest article in the Check Point cloud blog: https://blog.checkpoint.com/2019/07/22/secure-your-aws-azure-and-google-environment-automatically-with-cloudbots/

What are the new capabilities?

We added the ability to configure the automatic remediation action from within the Dome9 UI. When a new alert is generated you can select which bot you want to execute to fix this type of issue, on which cloud environments, and even on specific elements. For example, you can choose to automatically block port 22 (SSH) on production machines by executing a Security Group modification bot, only on Production environments. From now on you will only have to install CloudBots in your environment and easily set the configurations in the UI.

The new remediation configurations can be applied to all sorts of Rulesets, including the Dome9 pre-canned rulesets, removing the need to clone them. New attributes were added to the Dome9 alert information that is sent to the CloudBots, providing more details on the selected CloudBots.

This is the first step in the process of adding in-app remediation capabilities, making it easier to apply automatic remediation that would keep your cloud environments safe.

For more information on the remediation capabilities: https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Compliance-and-Governance/Remediation.html