Cloudsec Scan Configuration
Purpose
This document provides users with an overview of the Configuration.
Introduction
The Scan configuration view consists of the target information that links to an asset, and the scan settings.
Scan settings include Automated scanning process, allowing restriction of scan duration and its impact on the scanned asset such as the cloud account and the compliance policy.
Requirements
Basic access to the OUTSCAN account and a Netsec, Appsec, or Cloudsec subscription is needed to access the Portal.
Setting up a Cloudsec Scan Configuration
To set up a Cloudsec Scan Configuration:
Open a browser and navigate to https://outscan.outpost24.com/portal, or click the Main Menu > Portal in your OUTSCAN.
In the Portal menu column on the left hand side, click Configuration to expand it.
Click Scan configurations to open the Scan configurations view.
To create a new configuration click on the green plus sign down on the right hand side.
Select which assessment to use, for this example Cloud assessment is chosen.
Select Credentials from the drop down menu. See Scan Credentials for more information on how to set up scan credentials.
Select Policy from the drop down menu.
Select which Regions to scan. For further information about AWS regions see https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html.
Click on the blue Add button in the lower right corner to add the configuration.
If multiple regions are selected, each time the scan configuration runs, the number of scans queued/started will match the number of regions selected.
When aws.access.key.allow.remote = false
and ARN credentials are selected, the scanner dropdown is hidden and the default scanner is selected as value.
Schedules
On the Schedules tab, you create a schedule when the scan should run. The schedule is also accessible through Automation > Schedules in the main menu to the left.
Blocked Time Slot can not be set in Scan Configuration. To set Blocked Time Slot open the schedule in Automation > Schedules.
Add a Schedule
Click on the green plus icon located on the bottom right corner of the screen to open the Add schedule window.
Fill in the schedule form.
Option | Description |
---|---|
Schedule name | Provide a name for the schedule. |
Time | Set a time when the schedule must be triggered. The time value is saved in UTC (Coordinated Universal Time) and the offset corresponds to the system time in the user web browser and therefore might differ for users accessing the schedule options in different time zones. For example, a schedule time set to 10:00 in July (summertime) by a user located in Copenhagen |
Scan window | How long is the period where scanning is allowed. Minimum period is 1 hour and maximum is 7 days. |
Recurrence | Determines the frequency of the scheduled scan. Select one of the available options in the menu: None - The scan will never run. Once - The scan is scheduled to run only once on a select start date. Hour - Set the recurrence window by providing the Number of hours in this field. Day - Set the recurrence window by providing the Number of days in this field. Example: If set to 2, it means that the scan is scheduled to run once in every 2 days. Week - Select on which days of the week the scan should run. Month - Select the occurrence of days, weekday, day of the month when the scan should run. Year - Select on which the day of year the scheduled scan should run. TipA scan is not restarted when a schedule is triggered while it is still running. It starts when the next schedule time ticks. |
Every | N-th Depending on recurrence, Every sets the amount of Hour, Day, Week, Month, Year. Example. N-th=1, Recurrence=Day = Every day. N-th=3, Recurrence=Month = Every third month. N-th=2, Recurrence=Week = Every other week. |
Starts on | Set the start date for the schedule. |
Ends on | Set an end date for the schedule. The schedule becomes inactive after this date. |
Ends after_occurrences | Set the number of occurrences the schedule must be triggered before it becomes inactive. |
Never ends | If set, the schedule never becomes inactive. |
Click on the ADD button to schedule the configuration.
Edit a Schedule
Click on an existing schedule to open the edit function. Follow the same steps as Add a Schedule and click the Save button.
Removing a Schedule
To remove a schedule either:
Right click on the schedule that shall be removed to open a menu.
Then click Delete.
or
Select the schedule you want to remove by ticking the box to the left on the row.
Click on the bin icon at the bottom right of the screen to delete the schedule.
In both cases, confirm by clicking the red DELETE button.
Scan Calendar
To see the schedule click on the Scan Calendar tab You can select between a Month or Week view.
The scheduled scans are displayed in blue and the Blocked Time Slots in red. To adjust the view to other time zone than saved in the schedule, select above Month/Week toggle desired time zone.
The Blocked Time Slots are time periods where scanning is not allowed. If a scan interfere with a blocked time slot, the scan is set to pending during that time and resumes after the time slot is over.
Blocked Time Slots
To block specific time slots click in the calendar to add or remove blocks. To select or deselect multiple block, click and drag across desired area to mark on unmark blocks.
The blocked time is displayed in the Scan Calendar tab as red blocks.
The number in the tab name indicates the number of days that have Blocked Time Slots.
Example Schedule
A schedule is set to run only once on 2023-02-02 at 2:00 PM:
A schedule is set to run everyday at 11:00 AM, starting on 2023-01-20:
A schedule is set to run every week on Tuesday and Thursday at 9:00 AM, starting on 2023-01-20:
A schedule is set to run continuously on every second Tuesday of every third month at 9:30 AM, starting on 2023-01-20:
A schedule is set to run on 18th of every month at 10:00 PM, starting on 2023-01-20:
A schedule is set to run on 18th of every month at 10:00 PM, starting on 2023-01-20 and disabled after 4 occurrences in other words, the scan runs only four times:
A schedule is set to run on 18th of every month at 10:00 PM, starting on 2023-01-20 and disabled from 2024-01-01, 00:00:
Related Articles
- Docker Image Assessment
- Docker Image Discovery
- Cloud Discovery
- Cloud Assessment
- AWS Scanning With OUTSCAN
- Cloud Discovery on HIAB
- Azure Cloud Discovery
- How to Scan AWS ECR Images
- Generate GCP Credentials
- Scan a Docker Image
- Generate AWS Credentials
- Google Registries Scanning with Container Inspection
- Cloudsec Scan Configuration
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.