Real-Time Posture Monitoring settings

Content

• RTPM for AWS
• RTPM for Azure
• RTPM for GCP

RTPM for AWS (Through Account Management)

Set up Requirements

• Ensure that you have CloudTrail enabled. For help, see the Cloud Risk Management Rule CloudTrail Enabled.
• For Existing Cloud Posture Users: Ensure that you have uninstalled the legacy RTPM for Cloud Posture, if you haven’t already:
• For Existing Cloud Risk Management Users: Ensure that you have uninstalled the legacy RTPM for Cloud Posture, if you haven’t already:
• 1. Open a command prompt or shell
  2. Run the following command:

     curl -L https://us-west-2.cloudconformity.com/v1/monitoring/uninstall.sh | bash
           -s 

Installing RTPM for AWS

1. Go to Service Management > Cloud accounts.
2. Under the AWS tab, click on Add Account.
3. Under All Features, toggle Real-Time Posture Monitoring and select the regions.
4. Click on Launch Stack and follow the instructions on the screen.

1. Go to Service Management > Cloud accounts.
2. Under the AWS tab, click on Add Account.
3. Under All Features, toggle Real-Time Posture Monitoring and select the regions.
4. Click on Launch Stack and follow the instructions on the screen.

1. Go to Service Management > Cloud accounts.
2. Click on the AWS account name you wish to install Real-Time Posture Monitoring.
3. From Cloud Accounts Settings > click on the Stack Update tab
4. From Select Features, toggle Real-Time Posture Monitoring
5. Follow the instructions under Update CloudFormation Template. .

Uninstalling RTPM for AWS

1. Sign into the Vision One console, go to Service Management > Cloud accounts.
2. Click on the account name you wish to uninstall Real-Time Posture Monitoring.
3. From Cloud Accounts Settings > click on the Stack Update tab.
4. From Select Features, un-toggle Real-Time Posture Monitoring
5. Follow the instructions under Update CloudFormation Template.

RTPM for Azure

Set up Requirements

1. Install the Azure Command Line Interface: For details, see Install the Azure CLI
2. Sign in with Azure CLI

Note The user should have the following permissions to run the deployment script:

  - Microsoft.Insights/ActivityLogAlerts/\[Read, Write, Delete\]

  - Microsoft.Insights/ActionGroups/\[Read, Write, Delete\]

  - Microsoft.Logic/workflows/\[Read, Write, Delete\]

  - Microsoft.Resources/subscriptions/resourceGroups/\[Read, Write, Delete\]

  - Microsoft.Resources/subscriptions/resourceGroups/deployments/\[Read, Write, Delete\]

Setting up RTPM for Azure

1. Select Install RTPM tab.

   Note If Azure RTPM is not enabled, the default page is 'Install RTPM' tab. No need to select.

2. Select Event Source > Activity Logs.
3. Click the Generate deployment script button. Wait until the button background color becomes green.

   Note The deployment script expires in 15 minutes. If you want to re-run the deployment, you will need to select the event source to regenerate the deployment script and go through the setup again.

4. Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or Powershell.
5. Once the installation is complete:
   1. Open Resource groups (https://azure.microsoft.com/en-au/features/resource-manager/) and verify that ‘CloudOneConformityMonitoring’ is created with the ‘cloudone-conformity-monitoring-logic-app’.
   2. Open Monitor service and select Alerts(https://docs.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-overview).
6. Click Manage alert rules and verify that the following rules are Enabled. This is required to monitor the Azure RTPM events that will appear on the Cloud Risk Management RTPM Dashboard :
   1. cloudone-conformity-monitoring-activity-log-alert-administrative
   2. cloudone-conformity-monitoring-activity-log-alert-autoscale
   3. cloudone-conformity-monitoring-activity-log-alert-policy
   4. Cloudone-conformity-monitoring-activity-log-alert-security

Uninstalling RTPM for Azure

1. Select Uninstall RTPM tab.
2. Select Event Source > Activity Logs.
3. Click the Generate uninstall script button. Wait until the button background color becomes green.

   Note The uninstall script expires in 15 minutes please finish the following steps in valid time. We remove your API key while you click this button, so the script cannot be generated second time. If you don't finish the following script in time, you can also delete the resource group listed in step 5 in your Azure Portal manually.

4. Open a command prompt or PowerShell. Copy the generated command line and run it on your command-line interface or Powershell.
5. Once the uninstallation is complete, Open Resource groups (https://azure.microsoft.com/en-au/features/resource-manager/) and make sure that 'CloudOneConformityMonitoring' is deleted.

RTPM for Google Cloud

1. Go to Cloud Security → Cloud Accounts → Google Cloud
2. Click Add Project
3. Specify the general information for the project and click Next. For more details, see Adding a Google Cloud project. The Features and Permissions screen appears.
4. In Features and Permissions, enable Real-Time Posture Monitoring. The Launch screen appears
5. Follow the instructions on the Launch screen
6. Click on Done to save changes.

1. Go to Cloud Security → Cloud Accounts → Google Cloud
2. Click on the Google cloud proect account name you wish to uninstall Real-Time Threat Monitoring.
3. Go to Resource Update → Features and Permissions
4. Un-toggle Real-Time Posture Monitoring and follow the instructions to complete the action.