With the shift toward cloud computing, many organizations have at least some footprint in the cloud. Thus it becomes important to secure both your on-prem and cloud infrastructure.

All cloud providers offer ways to secure your infrastructure, but under the shared responsibility model it's the responsibility of you, the customer, to configure and set policies to secure your cloud resources and data. With hybrid environments, it's a challenge even to visualize resources and understand their usage. You have to deal with different tools for on-prem environments and for cloud environments.

Cloudquery, which runs as an extension of osquery, simplifies the visualization and monitoring of all your cloud resources. It creates a seamless integration of cloud telemetry with the rest of your osquery-powered telemetry.

Cloudquery uses a familiar SQL interface. This removes the need to deploy and understand various cloud provider tools. Those who are already familiar with osquery can create scheduled queries to fetch the data related to their cloud deployments and send it to configured destinations.

Apart from this, osquery's distributed query functionality can be used to query data in real time for ad-hoc analysis.

Once you collect the data and store it in a database, there are numerous ways to apply the data:

- Conformance to compliance standards like CIS Benchmarks for AWS, Azure, and GCP.
- Detecting misconfigurations, such as public S3 buckets, and checking that MFA is enabled for all users.
- Trends/historical data analysis and identification of configuration drift.
- Visualizations for various resources and their configurations.

Real-time investigation and root cause analysis

For example, the following query will provide a list of all AWS EC2 instances across all configured AWS accounts. Note that there are numerous other parameters/columns providing the details related to each instance, but this sample query (and response) shows only a few for brevity.

Figure 1. Query and response showing a list of AWS EC2 instances.

Here's a sample query that produces a list of public S3 buckets:

    SELECT account_id, name
    FROM aws_s3_bucket
    WHERE policy_status NOT LIKE '%"IsPublic":false%';

And finally, here's a query that generates a list of instances with public IP addresses:

    SELECT account_id, region_code, instances_instance_id, instances_public_ip_address
    FROM aws_ec2_instance
    WHERE instances_public_ip_address IS NOT NULL
      AND instances_public_ip_address <> 'null';

Supported tables in cloudquery

Cloudquery supports various cloud providers and we will keep adding new tables frequently. The list of supported tables can be found here.

Cloudquery deployment

Cloudquery can be deployed as an osquery extension and as a Docker container.
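An added example, not from the original article or the cloudquery project: because osquery evaluates queries with SQLite, the page's two detection queries can be run against constructed rows to see which resources they flag and which they skip. Table and column names come from the queries on this page; the JSON layout of policy_status is an assumption inferred from the LIKE pattern, and every account id, name and address is constructed.

```python
import sqlite3

# The page's two queries. The "<>" in the second is an assumed restoration of
# a comparison operator that is missing from the page's text.
PUBLIC_BUCKETS = """SELECT account_id, name FROM aws_s3_bucket
WHERE policy_status NOT LIKE '%"IsPublic":false%'"""
PUBLIC_INSTANCES = """SELECT account_id, region_code, instances_instance_id,
       instances_public_ip_address FROM aws_ec2_instance
WHERE instances_public_ip_address IS NOT NULL
  AND instances_public_ip_address <> 'null'"""

def build_sample_db():
    """In-memory stand-in for the cloudquery tables; all rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE aws_s3_bucket "
               "(account_id TEXT, name TEXT, policy_status TEXT)")
    db.execute("CREATE TABLE aws_ec2_instance (account_id TEXT, region_code TEXT, "
               "instances_instance_id TEXT, instances_public_ip_address TEXT)")
    db.executemany("INSERT INTO aws_s3_bucket VALUES (?, ?, ?)", [
        ("111111111111", "private-logs", '{"IsPublic":false}'),
        ("111111111111", "public-site", '{"IsPublic":true}'),
        ("222222222222", "spaced-json", '{"IsPublic": false}'),  # private, extra space
        ("222222222222", "no-status", None),                     # status not collected
    ])
    db.executemany("INSERT INTO aws_ec2_instance VALUES (?, ?, ?, ?)", [
        ("111111111111", "us-east-1", "i-0aaa", "203.0.113.10"),
        ("111111111111", "us-east-1", "i-0bbb", None),    # SQL NULL
        ("222222222222", "eu-west-1", "i-0ccc", "null"),  # literal string 'null'
    ])
    return db

def public_buckets(db):
    """Bucket names the page's S3 query reports as public."""
    return sorted(name for _, name in db.execute(PUBLIC_BUCKETS))

def unknown_buckets(db):
    """Buckets the S3 query never evaluates: NULL NOT LIKE ... is NULL, not true."""
    rows = db.execute("SELECT name FROM aws_s3_bucket WHERE policy_status IS NULL")
    return sorted(name for (name,) in rows)

def public_instances(db):
    """Instance ids the page's EC2 query reports as having a public IP."""
    return sorted(row[2] for row in db.execute(PUBLIC_INSTANCES))

if __name__ == "__main__":
    db = build_sample_db()
    print("flagged buckets:    ", public_buckets(db))
    print("unevaluated buckets:", unknown_buckets(db))
    print("public instances:   ", public_instances(db))
```

On this sample data the S3 query flags spaced-json even though it is private, and it never evaluates no-status, so a scheduled check built on it should also report rows where policy_status is NULL.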