0
2.3.5
Vancouver
Identify internet-facing Cloud assets with security gaps. Monitor the configuration settings of your Cloud resources across the multi-Cloud environment continuously so that you can identify misconfigurations and non-compliance. Import resource configuration data directly into your instance and audit your Cloud resources against policy benchmark recommendations such as AWS CIS, CIS Microsoft Azure, and NIST.
- Detect cloud assets with critical ports open to the internet (AWS only).
- Detect high-risk combinations of Cloud assets that are exposed to the internet, missing security tools such as endpoint protection, and have critical vulnerabilities (AWS only).
- Automatically perform periodic scans for Cloud environments to detect configuration gaps using benchmark frameworks such as CIS (AWS and Azure).
- With the Configuration Compliance application, identify, group, and assign the test results of your audits and use features such as exception management to automate remediation workflows.
- Supported benchmark frameworks: CIS AWS Foundations v1.4.0, CIS Microsoft Azure v1.4.0.
- Changed
- Core framework enhancements to the Security Posture Control Core application.
- For required plugins, dependencies, and products, see the View Dependencies and Licensing link on the right of this listing page.
- Plugins:
- com.snc.discovery
- Dependencies: This application requires the following versions of these applications and their dependencies:
- Security Support Common (v13.5.x)
- Configuration Compliance (v14.7.2)
- Cloud Configuration Governance (v1.3.10)
- CCG Content Pack (v1.3.10)
- For a complete list of the required Now Platform roles required for the integration and user guides for the AWS and Azure integrations, see the links on the right of this listing page.
- Cloud Security Posture Management tasks require the following roles:
- sn_sec_condor.cspm_cloud_account_admin: Ability to run cloud scans
- sn_sec_condor.cspm_security_admin: Ability to read, write and delete records