Post-Onboarding

AWS Post-Onboarding (Assessment Validation & Governance configuration for your Cloud Accounts)

After you add cloud accounts into CoreStack, they are listed on the Account Governance dashboard. You can then check whether CoreStack has valid permission to assess the data from each cloud account, and complete the governance configurations. During onboarding, you can create the following resources:

1) CloudTrail: This feature allows you to log, monitor, and retain account activity related to actions across your AWS infrastructure. CoreStack requires a CloudTrail trail to be available in each of your AWS regions. CloudTrail is available with the resources running on your account. CoreStack fetches all user, account, and resource activity from CloudTrail and publishes it in the Operations posture in CoreStack. You may select an existing trail or create a new trail. New trails may attract additional charges. (Note: The first trail is free of cost. Any additional trail may involve charges.)

2) S3 Buckets: As part of the CloudTrail configuration, S3 buckets are also created in the respective AWS regions to collect the logs. CloudTrail keeps all logs and activity in the respective S3 bucket. You can create a new S3 bucket or choose an existing S3 bucket for storing the trail log files.

  • a) For an existing trail, no new buckets are created.
  • b) For a new trail, the corresponding S3 bucket is created and there is a charge associated with it.

3) CloudWatch: It is a monitoring service for AWS cloud resources and the applications you run on AWS. You can use CloudWatch to collect and track metrics, collect and monitor log files, set alarms, and automatically react to changes in your AWS resources. CloudWatch can monitor AWS resources such as EC2 instances, DynamoDB tables and RDS DB instances, as well as custom metrics generated by your applications and services, and any log files your applications generate. Alarms will be created for selected metrics for various resource types supported by CoreStack. Post onboarding, you will see the list of metrics for each resource type. You can define monitoring thresholds and alerts in CoreStack.

4) GuardDuty: GuardDuty is a threat detection service that continuously monitors for malicious activity and unauthorized behavior to protect your AWS accounts, workloads, and data stored in S3. The service uses machine learning, anomaly detection, and integrated threat intelligence to identify and prioritize potential threats. CoreStack requires GuardDuty to be available in each of your preferred AWS regions. CoreStack fetches all threats identified by GuardDuty and publishes them in the Security posture in CoreStack. You may select an existing GuardDuty to be used or choose the option to create a new GuardDuty. Creating a new GuardDuty may attract additional charges.

5) Inspector: Amazon Inspector is an automated security assessment service that helps improve the security and compliance of applications deployed on AWS. Amazon Inspector automatically assesses applications for exposure, vulnerabilities, and deviations from best practices. After performing an assessment, Amazon Inspector produces a detailed list of security findings prioritized by level of severity. CoreStack requires Inspector to be available in each of your preferred AWS regions. CoreStack fetches all vulnerabilities identified by Inspector and publishes them in the Security posture in CoreStack. You may select an existing Inspector to be used or choose the option to create a new Inspector. A new Inspector may attract additional charges.
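
Before choosing between the create-new and use-existing options for CloudTrail and GuardDuty, it helps to know what each region already has. The script below is an added example, not CoreStack tooling: the function names, the inventory layout, and the sample data are assumptions of this example, and the live collection uses the standard boto3 calls `describe_trails`, `get_trail_status`, and `list_detectors`.

```python
# Added example, not CoreStack code. Decides, per region, between
# "create new" and "use existing" for CloudTrail and GuardDuty.

def plan_region(trails, detector_ids):
    """trails: CloudTrail DescribeTrails 'trailList' entries for one region,
    each merged with GetTrailStatus 'IsLogging' (merge done by collect()).
    detector_ids: GuardDuty ListDetectors 'DetectorIds' for that region."""
    # A trail that is stopped or has no S3 bucket delivers no logs to read.
    usable = [t for t in trails if t.get("IsLogging") and t.get("S3BucketName")]
    return {
        "cloudtrail": ("use existing: " + usable[0]["Name"]) if usable else "create new",
        "guardduty": "use existing" if detector_ids else "create new",
    }

def plan_account(inventory):
    """inventory: region -> {"trails": [...], "detectors": [...]}."""
    return {r: plan_region(d["trails"], d["detectors"]) for r, d in inventory.items()}

def collect(regions):
    """Build the inventory from a live account using read-only boto3 calls."""
    import boto3  # imported here so the planning logic runs without AWS access
    inventory = {}
    for region in regions:
        ct = boto3.client("cloudtrail", region_name=region)
        trails = ct.describe_trails()["trailList"]  # includes shadow trails
        for t in trails:
            t["IsLogging"] = ct.get_trail_status(Name=t["TrailARN"])["IsLogging"]
        gd = boto3.client("guardduty", region_name=region)
        inventory[region] = {"trails": trails,
                             "detectors": gd.list_detectors()["DetectorIds"]}
    return inventory

# Constructed sample inventory (not from a real account).
SAMPLE = {
    "us-east-1": {"trails": [{"Name": "org-trail", "IsLogging": True,
                              "S3BucketName": "example-trail-logs"}],
                  "detectors": ["example-detector-id"]},
    "eu-west-1": {"trails": [{"Name": "old-trail", "IsLogging": False,
                              "S3BucketName": "example-trail-logs"}],
                  "detectors": []},
}

if __name__ == "__main__":
    for region, plan in plan_account(SAMPLE).items():
        print(region, plan)
```

To run it against a real account, call `plan_account(collect([...]))` with the regions you intend to govern, using credentials that allow the three read-only calls.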

1. Assessment validation for onboarded AWS account in CoreStack

  • 1.1 Click View under Actions and select View Settings.
  • 1.2 Click Assessment Validation, select Operations, and click Re-Validate.
    This validates that the permission assigned to CoreStack is intact.
  • 1.3 On successful validation, the permission is shown as Allowed.
  • 1.4 Perform the same validation for Security & Cost pillar.

2. Governance configuration for Onboarded AWS account

Configuring Operation Pillar in CoreStack for onboarded Account

  • 2.1 Click View under Actions and select View Settings.
  • 2.2 Click Governance Configuration and Select Operations.
  • 2.3 Expand Activity logs and Click Configure.
  • 2.4 Select ‘Create New / Use Existing’ based on CloudTrail availability in the onboarded
    cloud account and click Next.
  • 2.5 Select the desired Region and the CloudTrail trail for the selected region.
  • 2.6 Click Validate and Save.
  • 2.7 Click Finish.
  • 2.8 Expand Alerts and click Configure.
  • 2.9 Select Create Sample Alert and click Next.
  • 2.10 Click Validate and Next.
  • 2.11 Add respective email address/Webhook/MS Teams Webhook for alert notification.
  • 2.12 Click Finish.

Configuring Security Pillar in CoreStack for onboarded Account

  • 2.13 Click Governance Configuration and select Operations.
  • 2.14 Expand Threat Management and click Configure.
  • 2.15 Select Create New / Check existing configuration based on AWS GuardDuty
    availability in onboarded cloud account and click Next.
  • 2.16 Select desired Region and click Validate.
  • 2.17 Click Save & Finish.
  • 2.18 Expand Vulnerability Assessment and click Configure.
  • 2.19 Select Check Existing Configuration and click Next.
  • 2.20 Select desired Region and click Validate.
  • 2.21 Select Save & Finish.
  • 2.22 Expand Notification Settings and configure notification list based on your
    requirements. Click Save & Apply.

Configuring Cost Pillar in CoreStack for onboarded Account

Enable Cost Anomaly. This sends an alert on any deviation of cost from the baseline settings.

  • 2.23 Click Governance Configuration and Select Cost.
  • 2.24 Expand Cost Anomaly.
  • 2.25 Enable Cost Anomaly and configure notification list of Email address or
    Webhook.
  • 2.26 Click Save & Apply.

Azure Post-Onboarding (Assessment Validation & Governance configuration for your Cloud Accounts)

Once you have completed adding your cloud accounts into CoreStack, you can see them listed as part of the Account Governance Dashboard. As a next step, you can check whether CoreStack has valid permission to assess the data from the cloud account, and complete the OSCAR pillar configurations.
The following resources will be created based on your selection during onboarding:

    1. Azure Monitor, Resource Group, Action Group: Azure Monitor collects data from various sources such as applications, operating systems, Azure resources, etc. in the form of metrics and logs. This data can then be processed to perform various functions such as analysis, visualization, alerting, automation and integrations. Azure Resource Groups are logical collections of virtual machines, storage accounts, virtual networks, web apps, databases, and/or database servers. Typically, users will group related resources for an application, divided into groups for production and non-production, but you can subdivide further as needed. An Azure Action Group is a collection of notification preferences defined by the owner of an Azure subscription. Azure Monitor, Service Health and Azure Advisor alerts use action groups to notify users that an alert has been triggered. CoreStack requires an Azure Monitor, Resource Group & Action Group to be available in the respective Azure account; it fetches data from these services and publishes it in the Operations posture in CoreStack. Creating new services may attract additional charges. (Note: If the one created is the first trail, it is free of cost. If it is an additional trail, it may involve charges.)
    2. Azure Security Center & Defender: Azure Security Center provides you the tools needed to harden your network, secure your services and make sure you're on top of your security posture. Azure Defender is a built-in tool that provides threat protection for workloads running in Azure. CoreStack requires an Azure Security Center & Defender service to be available in the respective Azure account to configure the Security pillar in CoreStack. CoreStack fetches identified threat and vulnerability findings from these services and publishes them in the Security posture in CoreStack. You may use an existing Security Center & Defender service. Enabling the Defender service may attract additional charges.

1. Assessment validation for onboarded Azure account in CoreStack

  • 1.1 Click View under Actions and select View Settings.
  • 1.2 Click Assessment Validation, select Operations, and click Re-Validate. This validates that the permission assigned to CoreStack is intact.
  • 1.3 On successful validation, the status is reflected as shown below.
  • 1.4 Perform the same validation for the “Security & Cost” pillar.

2. Governance configuration for onboarded Azure account

Configuring Operation Pillar in CoreStack for onboarded Account

  • 2.1 Click View under Actions and select View Settings.
  • 2.2 Click Governance Configuration and Select Operations.
  • 2.3 Expand Activity logs and Click Configure.
  • 2.4 Select Create New / Existing “Resource Group & Action group” based on Availability in onboarded cloud account and click Next.
  • 2.5 Select desired Resource group and Action Group.
  • 2.6 Click Validate and Save.
  • 2.7 Click Finish.
  • 2.8 Expand Alerts and click Configure.
  • 2.9 Select Create New / Existing based on Resource Group & Action Group in onboarded cloud account and click Next.
  • 2.10 Select desired Resource Group and enter Action Group.
  • 2.11 Click Validate and then Save & Finish.

Configuring Security Pillar in CoreStack for onboarded Account

  • 2.12 Click Governance Configuration and Select Operations.
  • 2.13 Expand Threat Management and Click Configure.
  • 2.14 Select Create New / Existing Resource Group & Action Group based on Availability in onboarded cloud account and click Next.
  • 2.15 Select desired Resource Group and Action Group.
  • 2.16 Click Save & Finish.
  • 2.17 Expand Notification Settings and configure notification list based on your requirements. Click Save & Apply.

Configuring Cost Pillar in CoreStack for onboarded Account

Enable Cost Anomaly. This sends an alert on any deviation of cost from the baseline settings.

  • 2.18 Click Governance Configuration and Select Cost.
  • 2.19 Expand Cost Anomaly.
  • 2.20 Enable Cost Anomaly and configure notification list of Email address or Webhook.
  • 2.21 Click Save & Apply.

Post-Onboarding (Validate your Cloud Accounts & Configurations)

Once you have completed adding your cloud accounts into CoreStack, you can see them listed as part of the Account Governance Dashboard. As a next step, you can check if your cloud account is ready for Assessment and understand the status of the assessment. The process may take 12-24 hours from the time the account was on-boarded or a Re-Assessment is triggered. The process involves the below stages for each of the 5 OSCAR Governance Pillars:

You can view the current status of your cloud account from the Account Dashboard. The status can be different for each of the 5 Pillars (Operations, Security, Cost, Access and Resource). You can view the status by hovering on the info icon next to the colored circle for each pillar.

For more information on the Assessment Status and the Results for your account, click View under the Actions column and select View Settings. Complete information about the account and the assessment status is available here. Refer to the Account Dashboard section for more details.

Note: You may see the status “Currently Unavailable” for a few pillars if the assessment feature is not yet available.
