New CloudGurad Dome9 Feature: Remediation in the UI
CloudGuard Dome9 now offers the option to configure Automatic Remediation from the UI.
What is Dome9 Auto-Remediation?
The Dome9 Auto-Remediation capabilities are based on CloudBots, an open source project that ensures your cloud environment is always protected. The CloudBots framework is deployed in your cloud environment, and is triggered by alerts information generated by the Dome9 Compliance Engine. The bots are pieces of code that fix the issue that caused the alert to be generated. For more information on CloudBots check the latest article in the Check Point cloud blog: https://blog.checkpoint.com/2019/07/22/secure-your-aws-azure-and-google-environment-automatically-wi...
What are the new capabilities?
We added the ability to configure the automatic remediation action from within the Dome9 UI. When a new alert is generated you can select which bot you want to execute to fix this type of issue, on which cloud environments, and even on specific elements. For example, you can choose to automatically block port 22 (SSH) on production machines by executing a Security Group modification bot, only on Production environments.
From now you will only have to install CloudBots in your environment and easily set the configurations in the UI.
The new remediation configurations can be applied to all sort of Rulesets, including the Dome9 pre-canned rulesets, removing the need to clone them. New attributes were added to the Dome9 alert information that is sent to the CloudBots, that provides more details on the selected CloudBots.
This is the first step in the process of adding in-app remediation capabilities, making it easier to apply automatic remediation that would keep you cloud environments safe.
For more information on the remediation capabilities: https://sc1.checkpoint.com/documents/CloudGuard_Dome9/Documentation/Compliance-and-Governance/Remedi...