CloudGuard Dome9

CloudGuard Dome9 is Check Point's Cloud Security Orchestration solution.

Offir_Zigelman
inside CloudGuard Dome9 yesterday
views 46
Employee+

New CloudGuard Dome9 Feature: Bulk update Azure credentials

Dome9 now allows updating all Azure subscriptions with the same App Id in a single bulk operation. This capability lets you change the credentials for all the subscriptions on the same Azure tenant (that use the same App for the onboarding) while changing the credentials for one of the subscriptions.
Offir_Zigelman
inside CloudGuard Dome9 yesterday
views 47
Employee+

New CloudGuard Log.ic feature: Activity Timeline

Log.ic now supports an activity timeline. The activity timeline shows a list of activities that were performed on the selected resources by time. The timeline allows you to investigate what actions were performed by the different users and resources in the account over the selected time period.

The timeline can be used in numerous scenarios. Here are some examples:
- Track the activity of a resource over time ("show me all the actions of a specific user/service").
- Track all actions that were performed on a resource over time (i.e. "who accessed/changed the configuration/data of the resource").

An investigation can be conducted following any type of alert, including the Dome9 Compliance Engine. It can also be used alongside the Log.ic "network activity" module. For example, in case of a Dome9 Compliance alert that reports on exposing a resource to the internet, the timeline can be used to track which user performed the action, what actions preceded the security group modification, as well as the actions that were performed afterwards. The network activity can be used to track the traffic patterns that entered the VPC following the exposure.

To view the timeline, select a node in the "Account Activity" map. Then select the "Timeline" tab in the information panel to the right. Clicking on an action presents a dialog that allows you to use the action in the GSL that generates the view, or open the activity log. The lower part of the information panel allows filtering by user agents.
Marina_Segal
inside CloudGuard Dome9 Thursday
views 135
Employee

CloudGuard Dome9 Integration with Microsoft Azure Security Center

The integration between Azure Security Center and Check Point CloudGuard Dome9 provides a seamless experience to customers in protecting their Azure environments against advanced cyber-threats and mitigating compliance risks at any scale. We can now send CloudGuard Dome9 findings to Azure Security Center and allow seamless consumption of Security Posture and Compliance findings in Azure Security Center.

To enable the integration, you can configure a Notification Policy in the Dome9 Compliance Engine. For more details on how to set up CloudGuard Dome9 Notifications - click here.

Once the Notifications Policy is configured, you will be able to view the alerts in your ASC console:

Dome9-ACS integration

Please use the new capabilities, we'd love your feedback!

Marina Segal
Head of Product Management | Cloud SecOps and Compliance
Offir_Zigelman
inside CloudGuard Dome9 Wednesday
views 174
Employee+

New CloudGuard Dome9 Public Preview: New Dashboards

We're happy to introduce the new Dome9 dashboards! The dashboards provide new, powerful capabilities to present information from various sources.

The dashboards can present information in various formats and breakdowns, such as "Top" (i.e. "cloud accounts with most alerts"), pie charts (i.e. "breakdown by severity"), and "latest" (i.e. "latest generated findings").

The dashboards can be filtered according to needs, and allow you to focus on information relevant to the currently logged-in user. For example, you can filter the dashboard to focus on a specific cloud platform, region, or type of entities.

We provide default "Dome9" dashboards, starting with the Compliance alerts. The dashboards are customizable - you can create your own dashboards. Dashboards are saved with the applied filters, which allows creating dashboards for specific use cases. For example:
- "The state of Serverless", focusing on the security posture of serverless services;
- "GDPR Dashboard", focusing on alerts that are relevant for specific compliance frameworks;
- "My Team Dashboard" that would present information that is relevant for my team only;
- and more.

Clicking on the data leads you to the alerts console, filtered according to the clicked element. The new Alerts Dashboard is now the default view of alerts. You can switch to the alerts tab and look at the "raw" alerts information.

Please use the new capabilities, we'd love your feedback!
Offir_Zigelman
inside CloudGuard Dome9 a week ago
views 221
Employee+

New CloudGuard Dome9 Compliance Attribute: S3 Bucket object level logging

Dome9 Compliance Entity S3Bucket now supports a new attribute: objectLevelLogging. The new capability checks if Object-Level Logging for the S3 Bucket is enabled.

Sample GSL:

    S3Bucket should have objectLevelLogging=true
Offir_Zigelman
inside CloudGuard Dome9 2 weeks ago
views 387
Employee+

New CloudGuard Dome9 Feature: Terraform Provider

We're proud to announce that Dome9 was certified by HashiCorp as a provider for Terraform. Terraform is a tool for provisioning infrastructure (also called Infrastructure as Code). A provider is responsible for understanding API interactions and exposing resources. Dome9 developed a provider, which makes it easier to configure Dome9 as part of the cloud environments provisioning. It also allows integrating into a CI/CD pipeline.

The Dome9 TF Provider is available here: https://www.terraform.io/docs/providers/dome9
Offir_Zigelman
inside CloudGuard Dome9 2 weeks ago
views 311
Employee+

New CloudGuard Dome9 Feature: Fixed IP Addresses for the Compliance HTTP Endpoint

Dome9 Compliance Engine provides integration with HTTP endpoints. This integration allows sending compliance alerts to external systems that expose HTTP endpoints that can consume the alerts. We already built several integrations based on this, including Splunk, ServiceNow and more.

In order to allow the target systems to limit the source IP addresses that are allowed to send data, the compliance engine now provides a fixed list of addresses. These IP addresses can be used to white-list Dome9 as a source.

Here is the list of the Dome9 HTTP Endpoint IP addresses:
- 52.70.61.156
- 3.232.156.115
- 3.231.193.67

For more information on the HTTP endpoint integration: https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Alerts-Notifications/NotPolicy.html
Raji_Checkpoint
inside CloudGuard Dome9 3 weeks ago
views 330
Employee

Update to Network Security Rulesets

A new compliance ruleset, AWS Dome9 Network Alerts for default VPC components, will be available in CloudGuard Dome9 within the next 5-10 business days. This ruleset is aligned with architectures that include Security Groups, Gateways, Route Tables, NACLs and is based on AWS Guidelines: https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html#default-vpc-components.

In addition to this new ruleset, we will be enhancing the existing network security rulesets for AWS, Azure and GCP by adding rules coverage for the additional ports as follows:
- 100 new rules added for AWS Dome9 Best Practices
- 100 new rules added for AWS Dome9 Network Alerts
- 25 new rules added for Azure Dome9 Best Practices
- 25 new rules added for Azure Dome9 Network Alerts
- 25 new rules added for GCP Dome9 Best Practices
- 25 new rules added for GCP Dome9 Network Alerts

List of ports added:

| Port | Protocol | Service Name | Application |
|------|----------|--------------|-------------|
| 23   | TCP      | Telnet       | Telnet      |
| 445  | TCP      | Microsoft-DS | CIFS / SMB  |
| 53   | UDP      | DNS          | DNS         |
| 5500 | TCP      | VNC Listener | VNC         |
| 5900 | TCP      | VNC Server   | VNC         |

How does this change affect us?

If you are utilizing Security Groups, Gateways, Route Tables, NACLs, it is recommended to start using AWS Dome9 Network Alerts for default VPC components instead of AWS Networks Alerts ruleset, to reduce the amount of false positive findings you may encounter using AWS Dome9 Network Alerts.

Updates to existing rulesets will result in more comprehensive testing, thereby increasing the number of rules which will affect your overall compliance score (it can go up or down depending on the environment).

For more information on the updated network security ruleset, you can refer to:
- Dome9 release notes: https://dome9-security.atlassian.net/wiki/spaces/RN/pages/784400389/Release+Notes
- Content Updates Page: https://dome9-security.atlassian.net/wiki/spaces/RN/pages/789348353/Cloud+Guard+Compliance+Updates
- Documentation Page: https://docs.google.com/document/d/1IzIt5fdDq8V2fl89ytDd6RekW-q7NhEQLgVATVe3iHo/edit?ts=5d9e5e6c#
Offir_Zigelman
inside CloudGuard Dome9 2019-10-11
views 398
Employee+

New CloudGuard Dome9 Compliance Entity: AWS Auto Scaling Group

We added support for AWS Auto Scaling Group as an entity in the Dome9 Compliance Engine. AWS Auto Scaling allows building scaling plans that automate how groups of resources respond to changes in demand. With the new entity it is now possible to reason on ASG configurations, making sure that the ASGs comply with the relevant policies. We also added a reference from the EC2 instances to the relevant ASG, making it possible to check if an instance is connected to a scaling group and other checks.

GSL Examples:

Make sure that an ASG is connected to at least one ELB/ALB/NLB

    AutoScalingGroup should have elasticLoadBalancers or networkLoadBalancers or applicationLoadBalancers

Make sure that web servers are scalable

    Instance where tags contain [ key='web' ] should have autoScalingGroup
Offir_Zigelman
inside CloudGuard Dome9 2019-10-10
views 721 1
Employee+

New CloudGuard Dome9 Integration: ServiceNow

We are excited to announce the official integration between Dome9 and ServiceNow, offering the ability to open and manage incidents for compliance issues with the new, modern ServiceNow ITSM App!

The new ServiceNow App

ServiceNow provides service management software as a service cloud platform. ServiceNow IT Service Management (ITSM) offers consolidation of IT tools into a single data model, with automated workflows, that aims to improve IT productivity. Dome9 built a new ServiceNow ITSM App, available in the ServiceNow App Store.

The new app allows easy integration between Dome9 and ServiceNow:
- Dome9 sends alerts based on an HTTP connector. The Continuous Compliance Policies allow you to easily select the relevant alerts to send to ServiceNow.
- The Dome9 ServiceNow App consumes the alerts and creates a ServiceNow incident for each.
- View different breakdowns and statistics on the App Dashboard.
- The App allows viewing the full incident details, with all the relevant information to assess the issue and the steps to remediation.
- The App is highly configurable, and allows customizing the incident creation, field mapping, and permissions.
- The integration also allows closing the incident automatically when the issue is resolved.

Fully automated CI/CD:

The Dome9-ServiceNow integration allows providing a fully automated assessment, remediation and incident management Continuous Integration/Deployment flow, using the Cloud platform and Dome9 APIs. Dome9 allows automated onboarding of cloud environments, running assessment on the environment, and for failed checks - opening a ServiceNow ticket with all the details needed to resolve the issue. Using CloudBots it's also possible to automatically apply remediation to the environment, and then Dome9 can also close the ServiceNow ticket.

Additional resources: Dome9 in the ServiceNow store.
For more information on the Dome9-ServiceNow integration: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk161973
Martins
Martins inside CloudGuard Dome9 2019-10-03
views 353 2 1

Dome9 trial

Hi,

Could someone give in detail the Dome9 trial specifications? What's possible to do in a trial? (Ex: number of compliance checks)

Thanks
Offir_Zigelman
inside CloudGuard Dome9 2019-10-02
views 372
Employee+

New CloudGuard Dome9 Feature: Granular Permissions to the Compliance Module

The Dome9 permissions model is evolving! We added additional granular permissions for the Compliance related features, allowing our customers to better define their Dome9 users and roles. We provided all the needed information in a previous post: https://community.checkpoint.com/t5/CloudGuard-Dome9/Coming-Up-Adding-Granular-Permissions-to-the-Compliance-Module/m-p/63366#M46    
Martins
Martins inside CloudGuard Dome9 2019-09-22
views 355 5

Log.ic license

Hi,

How does the CloudGuard Log.ic license model work? I don't understand just looking at this image.

Thanks
Offir_Zigelman
inside CloudGuard Dome9 2019-09-22
views 270
Employee+

Coming Up: Adding Granular Permissions to the Compliance Module

The Dome9 permissions model is evolving! We’re adding additional granular permissions for the Compliance related features, allowing our customers to better define their Dome9 users and roles. The new permission model is scheduled for release on Wednesday, October 2nd.

Background

Dome9 allows you to define users and roles. The Dome9 permissions model includes the ability to specify the permissions to view data for specific Cloud Accounts and Organizational Units, and manage the Network Security permissions (create and manage Security Groups, as well as the ability to use Dynamic Access and IAM elevations).

The new capabilities we’re adding would allow you to better control the permissions of the Compliance Engine, and include:
- Add, edit or delete Rulesets
- Add, edit or delete notifications and integrations with external systems and control alerts actions
- Add, edit or delete Remediations
- Add, edit or delete Exclusions
- Acknowledge alerts, add comments, assign alerts to users and change alert severity
- Associate/disassociate Compliance Policy

How does this change affect us?

Dome9 permissions management screens - Roles screen and Users screen - would include additional permissions related to the Compliance Engine. Dome9 Super Users would be able to assign these new permissions to roles (or specific users directly). Users that do not include these permissions would not be able to perform the relevant actions (i.e. edit exclusions or acknowledge alerts).

These changes will affect the predefined “Auditor” role. Currently this role can perform many types of operations; when adding the new permissions, Dome9 users assigned to the predefined “Auditor” role will not be able to:
- Create or edit rulesets.
- Edit Notifications and Integrations with external systems.
- Edit Compliance Policies.
- Perform actions on alerts (edit Remediations, edit Exclusions, acknowledge alerts, add comments, assign alerts and change severity).

With that change, the predefined “Auditor” role would become an actual read-only role, and would be dedicated to auditing.

Note: No changes would be applied to the Super User role, it would still be able to perform any action.

What can I do to provide my users permissions for the actions they used to perform?

When the new permissions are introduced, it would be possible to choose which compliance-related actions your users would be able to perform. Here are a few suggestions for the new roles you can use or generate:
- For auditors, that only observe and monitor, the updated “Auditor” role can be used.
- For users that also need to review alerts, process generated alerts and acknowledge, a new role should be created, and it should include the “Alerts Configurations and Actions” permission.
- Users that modify compliance content (create or modify compliance rulesets) should be assigned with the “Rulesets and Content” permission.
- Users that need to create notifications (send alert reports via emails, or other types of integrations such as AWS SNS, HTTP endpoints and more), as well as association of cloud accounts with compliance rulesets and notifications (“Continuous Compliance” policies) should be assigned with the “Integrations and Notifications” permission.

Use a Super User to edit users and roles and assign the new permissions.

If you have any questions or need help, please reach out to Support here.
Offir_Zigelman
inside CloudGuard Dome9 2019-09-10
views 499 1
Employee+

New CloudGuard Dome9 Integration: Splunk

Dome9 now supports HTTP based integration with Splunk, allowing JSON-formatted alerts produced by the Compliance Engine to be sent easily to a Splunk HTTP Event Collector. Splunk is a data collection, monitoring, and analysis system. Many Dome9 customers use it as their Security information and event management (SIEM) solution.

The new integration is very easy to set up. On the Dome9 side, the integration requires setting up a "notification policy" that includes an HTTP connector, and selecting the "Splunk - JSON" format. On the Splunk side, the integration requires setting up an "HTTP Event Collector".

A user guide for the integration is available in the Dome9 help guide. For more on Dome9 Alerts and Notifications see here. Information on the Splunk HTTP Event Collector is available in Splunk Dev.