Aqua Onboarding Guide
This guide will help you set up your Aqua account, onboard your cloud infrastructure, and then get more from your investment. We will walk through the process of configuring your Aqua account, setting up proper security standards for access, connecting cloud IaaS accounts, and effectively managing Aqua's Cloud Security Posture Management (CSPM) tool.
TABLE OF CONTENTS
- Create An Aqua Account
- Connect Your Cloud Accounts to Aqua
- Access Scan Reports
- Add Teammates
- Set Up Real-Time Event Monitoring
- Integrate Into Your Ecosystem
- Add Compliance Analysis
- Set Up Remediations
- Use the Additional Tools
- Scan Container Images
- Access Via API
- Administer Your Account
Create An Aqua Account
After reading the Aqua overview, the next step is to create an Aqua account at https://cloud.aquasec.com
Aqua is compliant with SOC II Type 2 and ISO 27001 standards.
Connect Your Cloud Accounts to Aqua
- Get a single pane of glass into all of your cloud infrastructures by adding all of your cloud accounts {AWS Account, Azure Subscription, GCP Project, Oracle Compartment, Alibaba Account} to your Aqua account.
For your security, Aqua requires visibility into configurations and not the content within your cloud infrastructure.
- Optional: To limit visibility and maintain organization, create groups, and put the cloud accounts into the appropriate group.
A Cloud Account can only be in one group at a time. To change groups follow these steps.
- Optionally, add labels to cloud accounts in the console in order to improve organization and simplify searches for said infrastructure.
Customize Cloud Account Scanning
- Make sure that cloud accounts are being scanned automatically.
- Optional: Change when and the frequency with which a cloud account is scanned.
- Optional: Suppress scan results.
- Optional: Perform an on-demand scan.
- Optional: Perform a Live Run scan (i.e. scan using a single plug-in).
Access Scan Reports
Aqua CSPM scan reports are run periodically and provide details about the security posture of your infrastructure. Read our overview of scan reports here.
Add Teammates
- Add everyone who may need visibility or administrative access to this "pane of glass" to your Aqua account.
- To limit visibility and maintain organization, create groups, and then grant members permissions in that group.
Set Up Single Sign-On
Implement Single Sign-On (SSO) if it is available.
Once SSO is in place, we highly recommend limiting logins via SAML to prevent users from signing up with password-based logins.- Optional: configure Just In Time (JIT) provisioning of user accounts on your behalf.
- Optional: create a break-glass user to bypass SSO requirements.
Set Up Real-Time Event Monitoring
Aqua's Events is a real-time API auditing service for control-plane level activity within cloud accounts. It analyzes each supported API call for violations of security best practices, as well as potential compromises or malicious activity.
- You can suppress Events on an ongoing or temporary basis.
Integrate Into Your Ecosystem
Deliver the desired results to the appropriate recipients via the available integrations. The recipients can take appropriate actions, including logging into the console for more information.
- Configure integrations to receive scan alerts.
- Configure integration to receive scan reports.
- Optional: correlate findings with AWS GuardDuty.
Add Compliance Analysis
Compliance scans work by defining the security controls required by the program and then mapping plugins to that control.
- Review the supported compliance programs and access their reports from the "Scan Reports" page (click into a report and select the "Compliance" tab).
- Create a custom compliance report since controls for compliance programs are often much larger than what CSPM can see.
Set Up Remediations
Aqua CSPM is designed to help you surface and fix security risks in your cloud environments as quickly as possible. While the information in a finding and the hyperlinks therein are useful, and our integrations and APIs efficiently create awareness, automated remediation is an additional option. Remediations help you fix security risks in your cloud accounts without having to develop complex scripts, deploy error-prone templates, or make risky changes manually. They have two methods of being initiated.
Use the Additional Tools
Get familiar with the additional tools that are part of the offering.
Secure Infrastructure As Code (IaC)
The IaC scanning tool is entirely separate from the traditional scanning model. It performs local static analysis on the following provided templates to help detect security risks before they are introduced into the account.
They can be uploaded via the UI or via the API.
Visualize Resources
Get a visualization of file storage in order to find security concerns with the following infrastructure.
View Organizational Reports
Organization-wide reports allow you to aggregate scan results into a single report.
Access Your Cloud Account Event History
See recent entries in the audit log of changes in configurations of your cloud infrastructure.
Scan Container Images
Image Scanning detects and mitigates known and unknown risks in your container images.
- Vulnerability Scanning (VS) detects known vulnerabilities (CVEs) in your container images.
Connect your container registries to enable scanning.
Access Via API
The Aqua API can also be used by generating an API key from the console.
Set access control limitations for API users.
- Code samples are available at https://github.com/aquasecurity/saas-api-samples
Administer Your Account
- Sign up for notification about the addition of new plugins. This notice is also available via an SNS topic.
- Review the changelog at https://cloud.aquasec.com/changelog
- See system status and uptime history.
- Subscribe to company blog posts regarding CSPM.
Did you find it helpful? Yes No
Send feedback