The Real-Time Posture Monitoring (RTPM) settings allow you to install,
update and delete the required resources for RTPM. Once you create the required
resources, events from the cloud account appear on the RTPM event monitoring
dashboard, and a subset of Rules start to update based on these events. We provide both
PowerShell and Bash scripts to set up RTPM.
RTPM for AWS (Through Account Management)
Set up Requirements
- Ensure that you have CloudTrail enabled. For help, see the Cloud Posture Rule CloudTrail Enabled.
- For Existing Cloud Posture Users: Ensure that you have uninstalled the legacy RTPM for Cloud Posture, if you haven’t already:
  - Open a command prompt or shell.
  - Run the following command:
    curl -L https://us-west-2.cloudconformity.com/v1/monitoring/uninstall.sh | bash -s
Installing RTPM for AWS
Installing RTPM for a new AWS Account:
- Go to Service Management > Cloud accounts.
- Under the AWS tab, click on Add Account.
- Under All Features, toggle Real-Time Posture Monitoring and select the regions.
- Click on Launch Stack and follow the instructions on the screen.
Installing RTPM for a new AWS Organisation:
- Go to Service Management > Cloud accounts.
- Under the AWS tab, click on Add Account.
- Under All Features, toggle Real-Time Posture Monitoring and select the regions.
- Click on Launch Stack and follow the instructions on the screen.
Installing RTPM for an existing AWS Account:
- Go to Service Management > Cloud accounts.
- Click on the name of the AWS account on which you wish to install Real-Time Posture Monitoring.
- From Cloud Accounts Settings > click on the Stack Update tab
- From Select Features, toggle Real-Time Posture Monitoring
- Follow the instructions under Update CloudFormation Template.
Uninstalling RTPM for AWS
To uninstall RTPM from an AWS account in your organisation:
- Sign into the Vision One console, go to Service Management > Cloud accounts.
- Click on the name of the account from which you wish to uninstall Real-Time Posture Monitoring.
- From Cloud Accounts Settings > click on the Stack Update tab.
- From Select Features, un-toggle Real-Time Posture Monitoring
- Follow the instructions under Update CloudFormation Template.
RTPM for Azure
Set up Requirements
- Install the Azure Command Line Interface: For details, see Install the Azure CLI
- Sign in with Azure CLI
Note
The user should have the following permissions to run the deployment script:
- Microsoft.Insights/ActivityLogAlerts/[Read, Write, Delete]
- Microsoft.Insights/ActionGroups/[Read, Write, Delete]
- Microsoft.Logic/workflows/[Read, Write, Delete]
- Microsoft.Resources/subscriptions/resourceGroups/[Read, Write, Delete]
- Microsoft.Resources/subscriptions/resourceGroups/deployments/[Read, Write, Delete]
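A pre-flight check for the Azure permission list above, as an added example that is not part of the vendor's scripts: it expands the bracket notation into individual operations and reports which ones a role does not grant, honouring `*` wildcards and `notActions`. It assumes the input is the `permissions` array of a role definition as printed by `az role definition list --name <role> --output json`; `SAMPLE_ROLE` is constructed for illustration.

```python
import re

# Permission list as written on this page: <resource type>/[verbs]
REQUIRED_SPEC = [
    "Microsoft.Insights/ActivityLogAlerts/[Read, Write, Delete]",
    "Microsoft.Insights/ActionGroups/[Read, Write, Delete]",
    "Microsoft.Logic/workflows/[Read, Write, Delete]",
    "Microsoft.Resources/subscriptions/resourceGroups/[Read, Write, Delete]",
    "Microsoft.Resources/subscriptions/resourceGroups/deployments/[Read, Write, Delete]",
]

def expand(spec):
    """Turn 'A/B/[Read, Write]' into ['A/B/read', 'A/B/write']."""
    ops = []
    for line in spec:
        prefix, verbs = re.fullmatch(r"(.+)/\[(.+)\]", line).groups()
        ops += [f"{prefix}/{v.strip().lower()}" for v in verbs.split(",")]
    return ops

def _matches(pattern, op):
    # Azure RBAC action strings are case-insensitive and '*' is a wildcard.
    rx = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(rx, op, re.IGNORECASE) is not None

def missing_operations(role_permissions, required):
    """Return the required operations that no permission block grants."""
    def granted(op):
        return any(
            any(_matches(a, op) for a in block.get("actions", []))
            and not any(_matches(n, op) for n in block.get("notActions", []))
            for block in role_permissions
        )
    return [op for op in required if not granted(op)]

# Constructed sample: 'permissions' array of a hypothetical custom role.
SAMPLE_ROLE = [{
    "actions": [
        "Microsoft.Insights/ActivityLogAlerts/*",
        "Microsoft.Insights/ActionGroups/*",
        "Microsoft.Logic/workflows/*",
        "Microsoft.Resources/subscriptions/resourceGroups/*",
    ],
    "notActions": ["Microsoft.Resources/subscriptions/resourceGroups/delete"],
}]

if __name__ == "__main__":
    for op in missing_operations(SAMPLE_ROLE, expand(REQUIRED_SPEC)):
        print("missing:", op)
```

An empty result means the role covers every listed operation, so a dedicated custom role can be used for the deployment instead of a broad built-in one.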
Setting up RTPM for Azure
- Select the Install RTPM tab.
Note
If Azure RTPM is not enabled, the default page is the 'Install RTPM' tab, so there is no need to select it.
- Select Event Source > Activity Logs.
- Click the Generate deployment script button. Wait until the button background color becomes green.
Note
The deployment script expires in 15 minutes. If you want to re-run the deployment, you will need to select the event source to regenerate the deployment script and go through the setup again.
- Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or PowerShell.
- Once the installation is complete:
- Open Resource groups (https://azure.microsoft.com/en-au/features/resource-manager/) and verify that ‘CloudOneConformityMonitoring’ is created with the ‘cloudone-conformity-monitoring-logic-app’.
- Open Monitor service and select Alerts (https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview).
- Click Manage alert rules and verify that the following rules are Enabled. This is required to monitor the Azure RTPM events that will appear on the Cloud Posture RTPM Dashboard:
- cloudone-conformity-monitoring-activity-log-alert-administrative
- cloudone-conformity-monitoring-activity-log-alert-autoscale
- cloudone-conformity-monitoring-activity-log-alert-policy
- Cloudone-conformity-monitoring-activity-log-alert-security
Once you verify the rules, we can confirm your RTPM setup.
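The alert-rule verification above can also be scripted so that a rule that is later disabled or deleted is caught. This added example (not part of the vendor's tooling) classifies each rule named on this page; it assumes the input is the JSON printed by `az monitor activity-log alert list --resource-group CloudOneConformityMonitoring --output json`, with a `name` and an `enabled` field per rule, and `SAMPLE` is constructed.

```python
import json

# Rule names as listed on this page.
EXPECTED_RULES = [
    "cloudone-conformity-monitoring-activity-log-alert-administrative",
    "cloudone-conformity-monitoring-activity-log-alert-autoscale",
    "cloudone-conformity-monitoring-activity-log-alert-policy",
    "Cloudone-conformity-monitoring-activity-log-alert-security",
]

def check_alert_rules(alerts_json, expected=EXPECTED_RULES):
    """Classify each expected rule as 'enabled', 'disabled' or 'missing'."""
    # Azure resource names compare case-insensitively, so normalise both sides.
    seen = {a["name"].lower(): a.get("enabled") is True
            for a in json.loads(alerts_json)}
    status = {}
    for name in expected:
        key = name.lower()
        if key not in seen:
            status[name] = "missing"
        else:
            status[name] = "enabled" if seen[key] else "disabled"
    return status

def rtpm_alerts_healthy(alerts_json):
    """True only when every expected rule exists and is enabled."""
    return all(s == "enabled" for s in check_alert_rules(alerts_json).values())

# Constructed sample output: one rule disabled, one rule absent.
SAMPLE = json.dumps([
    {"name": "cloudone-conformity-monitoring-activity-log-alert-administrative",
     "enabled": True},
    {"name": "cloudone-conformity-monitoring-activity-log-alert-autoscale",
     "enabled": False},
    {"name": "cloudone-conformity-monitoring-activity-log-alert-security",
     "enabled": True},
])

if __name__ == "__main__":
    for rule, state in check_alert_rules(SAMPLE).items():
        print(f"{state:8} {rule}")
```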
Uninstalling RTPM for Azure
- Select the Uninstall RTPM tab.
- Select Event Source > Activity Logs.
- Click the Generate uninstall script button. Wait until the button background color becomes green.
Note
The uninstall script expires in 15 minutes, so finish the following steps within that time. We remove your API key when you click this button, so the script cannot be generated a second time. If you don't finish running the script in time, you can instead delete the resource group listed in step 5 manually in your Azure Portal.
- Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or PowerShell.
- Once the uninstallation is complete, open Resource groups (https://azure.microsoft.com/en-au/features/resource-manager/) and make sure that 'CloudOneConformityMonitoring' is deleted.
RTPM for Google Cloud
- Install the Google Cloud Command Line Interface: For details, see Install the gcloud CLI
- Sign in with gcloud CLI
Note
The user should have the following permissions to run the deployment script:
- storage.buckets.create
- storage.buckets.delete
- storage.objects.list
- storage.objects.get
- storage.objects.create
- storage.objects.delete
- deploymentmanager.deployments.create
The service account [PROJECT_NUMBER]@cloudservices.gserviceaccount.com should have the following roles to run the deployment script:
- Editor
- Logging Admin
- Pub/Sub Admin
Setting up RTPM for GCP
- Select Event Source > Activity Logs
- Click the Generate deployment script button. Wait until the button background color becomes green.
Note
The deployment script expires in 15 minutes. If you want to re-run the deployment, you will need to select the event source to regenerate the deployment script and go through the setup again.
- Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or PowerShell.
- Once the installation is complete, open Deployment Manager (https://console.cloud.google.com/dm/deployments) and verify that ‘cloudone-conformity-monitoring’ deployment is created with the following resources: