Connecting the Cloud Account to the Aqua Scanner

Before beginning the Remediations setup, make sure that your Azure cloud account is connected to the Aqua scanner.

Refer to the Connecting an Azure Cloud Account to the Aqua Scanner guide for the connection steps.

Configuring Events

Remediations has two modes of operation. If you wish to use "Manual + Automated" mode, in which Aqua CSPM attempts to remediate findings in response to real-time events occurring in your cloud environment, you must configure the event connection before enrolling in Remediations.

Refer to Configuring Events for detailed steps on how to set up events.

Configuring a Remediator

The first step in configuring Remediations is to establish a connection between the Aqua CSPM account and the target cloud account in which security risks will be remediated. To do this:

1. Navigate to Remediations and select Reports.

2. Select Set Up Remediations from the Remediation Reports page. 

3. In the remediator wizard, select your cloud account from the drop-down.

4. Select a remediator type (Manual or Manual + Automated).

5. Log in to the Azure portal and run the following script in the PowerShell terminal. Restart and clear the PowerShell session before running the script. Note that the script downloads code from the URL in $scriptPath and executes it immediately in your session, so review that code before you run it.

$scriptPath = ''                                        # URL of the remediator setup script
$remediatorType = 'automated'                           # remediator type selected in step 4
$currentuuid = 'f6e25f13-71d1-4ebb-9f03-34fddd2c4c89'
$newuuid = 'd13b29dc-c9c9-42f2-9705-b50a53fbca98'
$rotateSecret = 'KXO2TFRMUW3ILO6B'
# Fetch the setup script and run it in the current session, where it can read the variables set above
$script = (New-Object System.Net.WebClient).DownloadString($scriptPath)
$scriptBlock = [ScriptBlock]::Create($script)
Invoke-Command -ScriptBlock $scriptBlock

6. When the script finishes, copy the Remediator Application ID, Rotator Application ID, Rotator Key Value, Tenant Name, and Resource Group UUID values it prints into the corresponding fields of the wizard. The Rotator Key Value is a secret: paste it only into the wizard and do not store it elsewhere.

7. Click Create Remediator. Your remediator role is now connected to Aqua.
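Step 5 downloads a script and executes it in the same command, and steps 6 and 7 hand the application IDs it creates to Aqua. The PowerShell below is an added example, not Aqua's own code and not the wizard script: it wraps step 5 so the setup script is saved to disk, hashed, displayed and explicitly confirmed before it runs, and then, once step 7 is done, lists the Azure role assignments held by the two applications whose IDs the script printed, so you can see what the remediator can actually do and where. It assumes the Az PowerShell module with an authenticated session (Connect-AzAccount already run); the function names, the HTTPS-only rule and the "Owner or management-group scope" flag are the example's own heuristics, and the variable names handed to the wizard script ($scriptPath, $remediatorType, $currentuuid, $newuuid, $rotateSecret) are the ones the page's one-liner uses.

```powershell
# Added example, not Aqua's code. Requires the Az module and Connect-AzAccount.

function Invoke-ReviewedSetupScript {
    # Runs the remediator setup script from step 5, but only after it has been
    # saved locally, hashed and shown to the operator.
    param(
        [Parameter(Mandatory)] [string] $ScriptUrl,       # value the wizard shows for $scriptPath
        [Parameter(Mandatory)] [string] $RemediatorType,  # value the wizard shows for $remediatorType
        [Parameter(Mandatory)] [string] $CurrentUuid,     # value the wizard shows for $currentuuid
        [Parameter(Mandatory)] [string] $NewUuid,         # value the wizard shows for $newuuid
        [Parameter(Mandatory)] [string] $RotateSecret     # value the wizard shows for $rotateSecret
    )
    if ($ScriptUrl -notmatch '^https://') {
        throw "Refusing to fetch the setup script over a non-HTTPS URL: $ScriptUrl"
    }

    # Save the exact bytes that will run, instead of executing DownloadString output directly.
    $localPath = Join-Path ([IO.Path]::GetTempPath()) 'aqua-remediator-setup.ps1'
    Invoke-WebRequest -Uri $ScriptUrl -OutFile $localPath -UseBasicParsing
    $hash = (Get-FileHash -Path $localPath -Algorithm SHA256).Hash
    Write-Host "Downloaded $ScriptUrl to $localPath (SHA256 $hash)"

    # Show the script and require explicit confirmation before it executes.
    Get-Content -Path $localPath
    if ((Read-Host 'Run this script? (yes/no)') -ne 'yes') {
        throw 'Setup script not executed.'
    }

    # The page's one-liner sets these variables and then invokes the script, so the
    # script reads them from the calling scope; set them under the same names here.
    $scriptPath     = $ScriptUrl
    $remediatorType = $RemediatorType
    $currentuuid    = $CurrentUuid
    $newuuid        = $NewUuid
    $rotateSecret   = $RotateSecret
    $scriptBlock = [ScriptBlock]::Create((Get-Content -Path $localPath -Raw))
    Invoke-Command -ScriptBlock $scriptBlock
}

function Get-RemediatorRoleAssignments {
    # After step 7: resolve the two application IDs printed by the setup script to
    # their service principals and list every role assignment each one holds.
    param(
        [Parameter(Mandatory)] [string] $RemediatorAppId,  # "Remediator Application ID" from step 6
        [Parameter(Mandatory)] [string] $RotatorAppId      # "Rotator Application ID" from step 6
    )
    $results = foreach ($appId in @($RemediatorAppId, $RotatorAppId)) {
        $app = Get-AzADApplication -ApplicationId $appId
        $sp  = Get-AzADServicePrincipal -ApplicationId $appId
        if (-not $app -or -not $sp) {
            throw "No app registration / service principal found for application ID $appId"
        }
        foreach ($a in (Get-AzRoleAssignment -ObjectId $sp.Id)) {
            [pscustomobject]@{
                Application = $app.DisplayName
                AppId       = $appId
                Role        = $a.RoleDefinitionName
                Scope       = $a.Scope
                # Example heuristic: a remediator should not need Owner, and nothing in this
                # procedure justifies an assignment at management-group scope.
                Review      = ($a.RoleDefinitionName -eq 'Owner') -or
                              ($a.Scope -like '/providers/Microsoft.Management/*')
            }
        }
    }
    $results | Format-Table -AutoSize
    return $results
}

# Usage (hypothetical values; take the real ones from the wizard and from the script output):
# Invoke-ReviewedSetupScript -ScriptUrl 'https://example.invalid/setup.ps1' -RemediatorType 'automated' `
#     -CurrentUuid '<current uuid>' -NewUuid '<new uuid>' -RotateSecret (Read-Host 'Rotate secret')
# Get-RemediatorRoleAssignments -RemediatorAppId '<remediator app id>' -RotatorAppId '<rotator app id>'
```

Reading the rotate secret with Read-Host in the usage line keeps it out of the command line and shell history. Rows with Review set to True are not necessarily wrong, but they are the assignments to compare against the remediation policy you create in the next section before enabling automated mode.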

Configuring a Remediation Policy

At this stage, Aqua CSPM has connectivity to your account but no policy that allows it to actually perform any remediations. To create one:

  1. Navigate to the Remediation Policy page.
  2. Click Create Policy at the top right.
  3. Use the UI to craft rules for how Remediations should occur in your account: select plugins from the drop-down and choose whether to allow manual remediations, automated remediations, or both.
  4. Apply the policy to either a cloud account or an Aqua Cloud group (which applies the policy to all cloud accounts in that group).
  5. Click Save to apply the policy.

If you want to set up remediation alerts, follow the steps mentioned in Remediation Alerts.

Performing Remediations

After defining a policy, you can test manual Remediations from the Scan Report page (automated Remediations occur on their own whenever a matching event is detected).

  1. Navigate to the Scan Reports page.
  2. Open the remediation report for the Azure cloud account you connected to Remediations.
  3. Click the Detailed Results tab to view the detailed remediation results.
  4. Filter for results that can be remediated by choosing Yes from the drop-down under Remediable.
  5. Click the drop-down menu to the right of the result and choose Remediate Result.
  6. In the popup, enter your Token Code: the last 6 digits of the external ID deployed for the remediator role in your account.
  7. Fill in any other required or optional fields and click Remediate.
  8. You can also view the remediation results on the Remediation Reports page.