TABLE OF CONTENTS
- Connecting the Cloud Account to the Aqua Scanner
- Configuring Events
- Configuring a Remediator
- Configuring a Remediation Policy
- Performing Remediations
Connecting the Cloud Account to the Aqua Scanner
Before beginning the remediations setup, it is essential to ensure that your Azure cloud account is connected to the Aqua scanner.
Refer to the Connecting an Azure Cloud Account to the Aqua Scanner guide for the connection steps.
There are two modes of operation for Remediations: "Manual" and "Manual + Automated". In "Manual + Automated" mode, Aqua CSPM attempts to remediate findings in response to real-time events occurring in your cloud environment, so you must configure the event connection before enrolling in Remediations.
Refer to Configuring Events for detailed steps on how to set up events.
Configuring a Remediator
The first step in configuring Remediations is to establish a connection between the Aqua CSPM account and the target cloud account in which security risks will be remediated. To do this:
1. Navigate to Remediations and select Reports.
2. Select Set Up Remediations from the Remediation Reports page.
3. In the remediator wizard (https://cloud.aquasec.com/remediator_wizard), select your cloud account from the drop-down.
4. Select a remediator type (Manual or Manual + Automated).
5. Log in to the Azure portal and run the following script in the PowerShell terminal. Start a fresh, cleared PowerShell session before running it so that no variables left over from an earlier run are picked up. The $currentuuid, $newuuid and $rotateSecret values are specific to the remediator being created; run the script exactly as the wizard displays it rather than with the values shown here. Note that the script downloads launcher.ps1 from S3 and executes it in the current session; if your change-control process requires it, download the file first, review it, and only then run it.
$scriptPath = 'https://s3.amazonaws.com/cloudsploit-remediation-resources/production/azure/launcher.ps1'   # launcher that is downloaded and executed below
$remediatorType = 'automated'
$currentuuid = 'f6e25f13-71d1-4ebb-9f03-34fddd2c4c89'
$newuuid = 'd13b29dc-c9c9-42f2-9705-b50a53fbca98'
$rotateSecret = 'KXO2TFRMUW3ILO6B'
$script = (New-Object System.Net.WebClient).DownloadString($scriptPath)   # fetch launcher.ps1 as a string
$scriptBlock = [Scriptblock]::Create($script)
Invoke-Command -ScriptBlock $scriptBlock   # run it in this session, where the variables above are visible to it
6. After the script finishes, copy the Remediator Application ID, Rotator Application ID, Rotator Key Value, Tenant Name and Resource Group UUID values that it prints into the corresponding fields of the wizard. The Rotator Key Value is a credential: paste it into the wizard only and do not store it elsewhere.
7. Click Create Remediator. Your remediator role is now connected to Aqua.
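The script in step 5 executes code fetched from the network directly in your signed-in session. The following PowerShell is an added example, not Aqua's own code, that wraps that step so the launcher is saved to disk, hashed and reviewed before it is run, and then checks that the application IDs it prints actually exist in the tenant. It assumes a PowerShell session already signed in to Azure (for example Azure Cloud Shell with the Az module loaded); the function names are this example's own, and the parameter names deliberately match the variable names the wizard one-liner uses so the launcher still finds them.

```powershell
# Added example, not Aqua's own code. Wraps step 5 so launcher.ps1 is fetched to
# disk, hashed and reviewed before anything is executed in the tenant.
# Assumes a PowerShell session already signed in to Azure (for example Azure Cloud
# Shell with the Az module loaded). Parameter names match the wizard one-liner so
# the launcher can read them from the enclosing scope.
function Invoke-AquaLauncherReviewed {
    param(
        [string]$scriptPath = 'https://s3.amazonaws.com/cloudsploit-remediation-resources/production/azure/launcher.ps1',
        [string]$remediatorType = 'automated',
        [Parameter(Mandatory)][string]$currentuuid,    # copy from the remediator wizard
        [Parameter(Mandatory)][string]$newuuid,        # copy from the remediator wizard
        [Parameter(Mandatory)][string]$rotateSecret    # copy from the remediator wizard
    )

    # 1. Download to a file instead of executing the string straight from the network.
    $localScript = Join-Path ([System.IO.Path]::GetTempPath()) 'aqua-launcher.ps1'
    Invoke-WebRequest -Uri $scriptPath -OutFile $localScript -UseBasicParsing

    # 2. Record what was fetched so this run can be tied to one script version.
    $hash = (Get-FileHash -Path $localScript -Algorithm SHA256).Hash
    Write-Host "Downloaded $scriptPath"
    Write-Host "SHA256: $hash"

    # 3. Surface the lines that create identities, roles or resources, or call out
    #    to the network. The pattern is a heuristic; read the whole file if in doubt.
    $pattern = 'New-AzAD|New-AzRoleAssignment|New-AzResourceGroup|Invoke-RestMethod|Invoke-WebRequest|DownloadString'
    Write-Host "Lines worth reviewing before running:"
    Select-String -Path $localScript -Pattern $pattern |
        ForEach-Object { Write-Host ("  {0,4}: {1}" -f $_.LineNumber, $_.Line.Trim()) }

    # 4. Execute only after an explicit confirmation. The script block runs in a
    #    child scope of this function, so it can read $remediatorType, $currentuuid,
    #    $newuuid and $rotateSecret just as the wizard one-liner relies on.
    $answer = Read-Host "Run $localScript (SHA256 $hash) against the signed-in tenant? [y/N]"
    if ($answer -ne 'y') {
        Write-Host 'Aborted; nothing was changed.'
        return
    }
    $scriptBlock = [Scriptblock]::Create((Get-Content -Path $localScript -Raw))
    Invoke-Command -ScriptBlock $scriptBlock
}

# The launcher prints a Remediator Application ID and a Rotator Application ID.
# Confirm each exists in the tenant before pasting it into the wizard.
function Test-AquaAppRegistration {
    param([Parameter(Mandatory)][string]$ApplicationId)
    $app = Get-AzADApplication -ApplicationId $ApplicationId -ErrorAction SilentlyContinue
    if ($null -eq $app) {
        Write-Warning "No application registration found for $ApplicationId"
        return $false
    }
    Write-Host "Found application '$($app.DisplayName)' ($ApplicationId)"
    return $true
}

# Usage (values are placeholders; take the real ones from the remediator wizard):
# Invoke-AquaLauncherReviewed -currentuuid '<current uuid>' -newuuid '<new uuid>' -rotateSecret '<rotate secret>'
# Test-AquaAppRegistration -ApplicationId '<Remediator Application ID printed by the launcher>'
```

The SHA256 printed in step 2 is worth keeping with your change record: if the launcher at that URL is later modified, a repeat run will show a different hash, which is the signal to review it again before trusting it with tenant-level permissions.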
Configuring a Remediation Policy
At this stage Aqua CSPM has connectivity to your account, but no policy yet allows it to actually perform any remediations. Let's create a policy:
If you want to set up remediation alerts, follow the steps in Remediation Alerts.
After defining a policy, you can test manual Remediations from the Scan Report page; automated Remediations run on their own whenever a matching event is detected.