Secberus ingests configuration data from data sources. A data source is an individual instance, account, subscription, or project at a cloud service provider, typically AWS, Azure, or GCP. Once a data source is authenticated, the Secberus platform uses it to collect provider information for analysis.
Each data source provider has its own mechanism for granting a third-party application read access:
- AWS supports either an IAM role that Secberus assumes to obtain temporary credentials, or an IAM user access key.
- Microsoft Azure allows third-party authentication through an Application Registration in Azure Active Directory.
- Google Cloud allows authentication through a service account, whose IAM roles let the project owner specify exactly which resources the service account may read.
To create a GCP data source you will need to create a service account in your GCP project and generate a key for it. Using the service account key and the required permissions, GCP allows read access to the resource configurations needed for auditing.
For details on creating a GCP data source, click here.
To create an Azure data source on the Secberus platform you’ll need to create an Application Registration in your Azure Active Directory. Using the Application Registration and the required permissions, Azure will allow read access to the resource configurations needed for auditing.
For detailed steps on creating an Azure data source click here.
AWS provides two ways to authenticate:
Role-based authentication requests temporary credentials from AWS (an STS AssumeRole call against an IAM role in your account) to perform the read operations a policy requires. Because the credentials are short-lived and the role's trust policy controls who may assume it, this is the preferred option.
AWS user credentials (an IAM user's access key) authorize Secberus to perform the same read operations. An access key is long-lived, so the IAM user should carry only read permissions and the key should be rotated regularly.
For detailed steps on creating an AWS data source click here.
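The following is an added example, not Secberus's own code or setup instructions, showing what the role-based option looks like from the customer side: the trust policy on the IAM role, the parameters of the STS AssumeRole request that yields temporary credentials, and two checks a practitioner would run before handing the role over (the trust policy is restricted to one account and carries an ExternalId condition; the permissions policy contains only read-style actions). The collector account ID, the external ID and the role name are placeholders, and whether Secberus requires an ExternalId is not stated on this page; it is simply the standard defence against confused-deputy attacks on any cross-account role.

```python
"""Cross-account read-only role for a collector: trust policy, AssumeRole
request, and two least-privilege checks. Added example; not Secberus code."""
from typing import Dict, List, Union

COLLECTOR_ACCOUNT = "111111111111"   # hypothetical: the collector's AWS account
EXTERNAL_ID = "example-external-id"  # hypothetical: unique per customer
CUSTOMER_ACCOUNT = "222222222222"    # hypothetical: the account being audited
ROLE_NAME = "ConfigAuditReadOnly"    # hypothetical role name in the customer account

# Heuristic for "read operation"; some read-only IAM actions use other verbs.
READ_ONLY_PREFIXES = ("Describe", "Get", "List")


def trust_policy(collector_account: str, external_id: str) -> Dict:
    """Trust policy attached to the customer role: only the collector account may
    assume it, and only when it presents the agreed ExternalId."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{collector_account}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def assume_role_request(customer_account: str, role_name: str, external_id: str,
                        session_name: str = "config-collector") -> Dict:
    """Keyword arguments for boto3's sts.assume_role(); the response carries
    temporary AccessKeyId/SecretAccessKey/SessionToken valid for DurationSeconds."""
    return {
        "RoleArn": f"arn:aws:iam::{customer_account}:role/{role_name}",
        "RoleSessionName": session_name,
        "ExternalId": external_id,
        "DurationSeconds": 3600,
    }


def lint_trust_policy(policy: Dict) -> List[str]:
    """Flag trust statements that let anyone assume the role or lack an ExternalId."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal == "*" or principal == {"AWS": "*"}:
            findings.append("trust policy allows any AWS principal to assume the role")
        condition = st.get("Condition", {})
        if "sts:ExternalId" not in condition.get("StringEquals", {}):
            findings.append("no sts:ExternalId condition (confused-deputy risk)")
    return findings


def lint_permissions_policy(policy: Dict) -> List[str]:
    """Flag Allow actions that are not read-style (Describe*/Get*/List*)."""
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        actions: Union[str, List[str]] = st["Action"]
        if isinstance(actions, str):
            actions = [actions]
        for action in actions:
            _service, _, name = action.partition(":")
            if action == "*" or name == "*" or not name.startswith(READ_ONLY_PREFIXES):
                findings.append(f"{action} is not a read-only action")
    return findings


if __name__ == "__main__":
    print(lint_trust_policy(trust_policy(COLLECTOR_ACCOUNT, EXTERNAL_ID)))
    print(assume_role_request(CUSTOMER_ACCOUNT, ROLE_NAME, EXTERNAL_ID))
```

The permissions check is a heuristic: AWS's own ReadOnlyAccess managed policy contains a handful of actions with other verbs, so treat a finding as something to review rather than an automatic failure.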
Once a data source is created, data collection can proceed by either of two processes.
Event-Based Collection continuously monitors event logs that modify resources within the data source account. We parse these logs to extract which resources were altered and trigger a collection for the modified resources.
Time-Based Collection schedules an entire data source account for collection at regular intervals. These intervals will trigger collections for all available resources in the specified data source.
Once the data is collected, we run the data against active managed and custom policies to determine if there are any violations.
Any violations found are added to the dashboard, and any integrations previously configured are triggered.
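The following is an added example, not Secberus code, that models the collection and evaluation loop described above end to end. The CloudTrail-style event records, the resource inventory standing in for the provider API, and the two policies are all constructed for illustration. Event-based collection filters out read-only API calls, extracts the resource each mutating call touched and collects only those; time-based collection collects the whole inventory; both then feed the same policy evaluation, and each violation is passed to a notifier that stands in for the dashboard and configured integrations.

```python
"""Event-based vs time-based collection feeding the same policy evaluation.
Added example with constructed data; not Secberus code."""
from typing import Callable, Dict, Iterable, List, Set, Tuple

ResourceKey = Tuple[str, str]  # (resource type, resource id)

# Constructed CloudTrail-style records (a small subset of the real fields).
EVENTS = [
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "requestParameters": {}},
    {"eventName": "PutBucketAcl", "eventSource": "s3.amazonaws.com",
     "requestParameters": {"bucketName": "logs-archive"}},
    {"eventName": "AuthorizeSecurityGroupIngress", "eventSource": "ec2.amazonaws.com",
     "requestParameters": {"groupId": "sg-0abc"}},
    {"eventName": "ListBuckets", "eventSource": "s3.amazonaws.com",
     "requestParameters": {}},
]

# Constructed inventory standing in for what the provider API would return.
INVENTORY: Dict[ResourceKey, Dict] = {
    ("s3_bucket", "logs-archive"): {"acl_grants": ["AllUsers:READ"]},
    ("s3_bucket", "private-data"): {"acl_grants": []},
    ("security_group", "sg-0abc"): {"ingress": [{"cidr": "0.0.0.0/0", "port": 22}]},
}

READ_ONLY_PREFIXES = ("Describe", "Get", "List", "Head")


def modified_resources(events: Iterable[Dict]) -> Set[ResourceKey]:
    """Event-based collection: keep only mutating events and extract the resource touched."""
    changed: Set[ResourceKey] = set()
    for ev in events:
        if ev["eventName"].startswith(READ_ONLY_PREFIXES):
            continue  # read-only calls change nothing, so no collection is needed
        params = ev["requestParameters"]
        if "bucketName" in params:
            changed.add(("s3_bucket", params["bucketName"]))
        elif "groupId" in params:
            changed.add(("security_group", params["groupId"]))
    return changed


def collect(keys: Iterable[ResourceKey]) -> Dict[ResourceKey, Dict]:
    """Fetch configuration for the given resources (all of them for time-based runs)."""
    return {k: INVENTORY[k] for k in keys if k in INVENTORY}


# Policies: (resource type, check) where check returns a violation message or None.
POLICIES: List[Tuple[str, Callable[[Dict], str]]] = [
    ("s3_bucket", lambda cfg: "bucket ACL grants public access"
        if any(g.startswith("AllUsers:") for g in cfg["acl_grants"]) else None),
    ("security_group", lambda cfg: "SSH (22/tcp) open to 0.0.0.0/0"
        if any(r["cidr"] == "0.0.0.0/0" and r["port"] == 22 for r in cfg["ingress"]) else None),
]


def evaluate(collected: Dict[ResourceKey, Dict], policies=POLICIES) -> List[Dict]:
    """Run every active policy against every collected resource of the matching type."""
    violations = []
    for (rtype, rid), cfg in collected.items():
        for ptype, check in policies:
            if ptype != rtype:
                continue
            message = check(cfg)
            if message:
                violations.append({"resource": f"{rtype}/{rid}", "violation": message})
    return violations


def run_event_based(events: Iterable[Dict], notify: Callable[[Dict], None] = print) -> List[Dict]:
    """Triggered as event logs arrive: collect only what changed, then evaluate."""
    violations = evaluate(collect(modified_resources(events)))
    for v in violations:
        notify(v)  # stands in for the dashboard update and configured integrations
    return violations


def run_time_based(notify: Callable[[Dict], None] = print) -> List[Dict]:
    """Triggered on a schedule: collect the entire data source, then evaluate."""
    violations = evaluate(collect(INVENTORY.keys()))
    for v in violations:
        notify(v)
    return violations


if __name__ == "__main__":
    run_event_based(EVENTS)
    run_time_based()
```

The event filter is deliberately coarse: a real implementation maps each mutating API name to the resource identifiers in its request and response parameters, since not every call names its target the same way, and a scheduled full collection still matters because event delivery can lag or drop.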
Updated 5 months ago