Views:
The Real-Time Posture Monitoring (RTPM) settings allow you to install, update and delete the required resources for RTPM. Once you create the required resources, events from the cloud account appear on the RTPM event monitoring dashboard, and a subset of Rules start to update based on these events. We provide both Powershell and Bash scripts to set up RTPM.
Note
Note
  • For AWS Accounts: Real-Time Posture Montoring can be enabled through Account Management in Trend Vision One.
  • For Azure and Google Cloud Accounts: You can enable the feature by running the executable scripts mentioned in the sections below.

Content

RTPM for AWS (Through Account Management)

Set up Requirements

  • Ensure that you have CloudTrail enabled. For help, see the Cloud Posture Rule CloudTrail Enabled.
  • For Existing Cloud Posture Users: Ensure that you have uninstalled the legacy RTPM for Cloud Posture, if you haven’t already:
    1. Open a command prompt or shell
    2. Run the following command: 
      curl -L https://us-west-2.cloudconformity.com/v1/monitoring/uninstall.sh | bash
      -s

Installing RTPM for AWS

Installing RTPM for a new AWS Account:
  1. Go to Service Management > Cloud accounts.
  2. Under the AWS tab, click on Add Account.
  3. Under All Features, toggle Real-Time Posture Monitoring and select the regions.
  4. Click on Launch Stack and follow the instructions on the screen.
Installing RTPM for a new AWS Organisation:
  1. Go to Service Management > Cloud accounts.
  2. Under the AWS tab, click on Add Account.
  3. Under All Features, toggle Real-Time Posture Monitoring and select the regions.
  4. Click on Launch Stack and follow the instructions on the screen.
Installing RTPM for an existing AWS Account:
  1. Go to Service Management > Cloud accounts.
  2. Click on the AWS account name you wish to install Real-Time Posture Monitoring.
  3. From Cloud Accounts Settings > click on the Stack Update tab
  4. From Select Features, toggle Real-Time Posture Monitoring
  5. Follow the instructions under Update CloudFormation Template. .

Uninstalling RTPM for AWS

To uninstall RTPM from an AWS account in your organisation:
  1. Sign into the Vision One console, go to Service Management > Cloud accounts.
  2. Click on the account name you wish to install Real-Time Posture Monitoring.
  3. From Cloud Accounts Settings > click on the Stack Update tab.
  4. From Select Features, un-toggle Real-Time Posture Monitoring
  5. Follow the instructions under Update CloudFormation Template.

RTPM for Azure

Set up Requirements

  1. Install the Azure Command Line Interface: For details, see Install the Azure CLI
  2. Sign in with Azure CLI
Note
Note
The user should have the following permissions to run the deployment script:
 
  - Microsoft.Insights/ActivityLogAlerts/\[Read, Write, Delete\]

  - Microsoft.Insights/ActionGroups/\[Read, Write, Delete\]

  - Microsoft.Logic/workflows/\[Read, Write, Delete\]

  - Microsoft.Resources/subscriptions/resourceGroups/\[Read, Write, Delete\]

  - Microsoft.Resources/subscriptions/resourceGroups/deployments/\[Read, Write, Delete\]

Setting up RTPM for Azure

  1. Select Install RTPM tab.
    Note
    Note
    If Azure RTPM is not enabled, the default page is 'Install RTPM' tab. No need to select.
  2. Select Event Source > Activity Logs.
  3. Click the Generate deployment script button. Wait until the button background color becomes green.
    Note
    Note
    The deployment script expires in 15 minutes. If you want to re-run the deployment, you will need to select the event source to regenerate the deployment script and go through the setup again.
  4. Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or Powershell.
  5. Once the installation is complete:
    1. Open Resource groups (https://azure.microsoft.com/en-au/features/resource-manager/) and verify that ‘CloudOneConformityMonitoring’ is created with the ‘cloudone-conformity-monitoring-logic-app’.
    2. Open Monitor service and select Alerts(https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview).
  6. Click Manage alert rules and verify that the following rules are Enabled. This is required to monitor the Azure RTPM events that will appear on the Cloud Posture RTPM Dashboard :
    1. cloudone-conformity-monitoring-activity-log-alert-administrative
    2. cloudone-conformity-monitoring-activity-log-alert-autoscale
    3. cloudone-conformity-monitoring-activity-log-alert-policy
    4. Cloudone-conformity-monitoring-activity-log-alert-security
Once you verify the rules, we can confirm your RTPM Set up.

Uninstalling RTPM for Azure

  1. Select Uninstall RTPM tab.
  2. Select Event Source > Activity Logs.
  3. Click the Generate uninstall script button. Wait until the button background color becomes green.
    Note
    Note
    The uninstall script expires in 15 minutes please finish the following steps in valid time. We remove your API key while you click this button, so the script cannot be generated second time. If you don't finish the following script in time, you can also delete the resource group listed in step 5 in your Azure Portal manually.
  4. Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or Powershell.
  5. Once the uninstallation is complete, Open Resource groups (https://azure.microsoft.com/en-au/features/resource-manager/) and make sure that 'CloudOneConformityMonitoring' is deleted.

RTPM for Google Cloud

  1. Install the Google Cloud Command Line Interface: For details, see Install the gcloud CLI
  2. Sign in with gcloud CLI
Note
Note
The user should have the following permissions to run the deployment script:
 
  storage.buckets.create

  storage.buckets.delete

  storage.objects.list

  storage.objects.get

  storage.objects.create

  storage.objects.delete

  deploymentmanager.deployments.create

  The service account [PROJECT_NUMBER]@cloudservices.gserviceaccount.com should have the following roles to run the deployment script:
  
  Editor

  Logging Admin
  
  Pub/Sub Admin

Setting up RTPM for GCP

  1. Select Event Source > Activity Logs
  2. Click the Generate deployment script button. Wait until the button background color becomes green.
    Note
    Note
    The deployment script expires in 15 minutes. If you want to re-run the deployment, you will need to select the event source to regenerate the deployment script and go through the setup again.
  3. Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or Powershell.
  4. Once the installation is complete, open Deployment Manager (https://console.cloud.google.com/dm/deployments) and verify that ‘cloudone-conformity-monitoring’ deployment is created with the following resources:
    gcp-deployment=3aec4a71-96f4-4e5a-a4c0-96b8a4b724f0.png