Welcome to Aqua Platform


Thank you and congratulations on selecting Aqua Platform to secure your cloud-native applications, from development through production! This introduction: 

  • Provides a high-level description of Aqua Platform solution offerings
  • Shows you how to identify the Aqua Platform edition, plan, and products you are using
  • Directs you to relevant sources of information for getting started, using the full capabilities of your products, and troubleshooting problems you may encounter


Aqua Platform Editions


Aqua Platform offers two editions:

  • SaaS (software-as-a-service): The core infrastructure and services of Aqua Platform are deployed and maintained by Aqua Security. There are several SaaS plans available. Each has been designed to meet various kinds of security requirements: from non-production use by individual developers, through large-scale production enterprises. The Enterprise plan provides the most complete security controls for cloud-native applications.
  • Enterprise Self-Hosted: This comprehensive cloud-native security platform is deployed and maintained by you in your own environment. This edition is also referred to as "on-premises" or simply "on-prem".


Enterprise add-on products


You can tailor the functionality of the Enterprise offerings (both the SaaS Enterprise plan and the Self-Hosted Edition) by obtaining separately licensed add-on products. Many products can be further configured with individual product usage (capacity) limits. Add-on products include the following:

  • Aqua Enforcer: Runtime security for containerized workloads, Docker registry and image discovery, Kubernetes CIS benchmark testing, cluster penetration testing, Kubernetes admission control for workloads
  • Kubernetes Security: As above, plus Kubernetes Assurance Policies and runtime security with the Pod Enforcer
  • Vulnerability Shield (vShield): Prevents attackers from being able to exploit a specific vulnerability in all containers based on the image in question
  • Dynamic Threat Analysis (DTA): Dynamically assesses the risks that container images pose before they are run as containers in a live environment
  • Advanced Malware Protection: Real-time malware protection and remediation in VMs and containers
  • Advanced Functions: Runtime protection of serverless functions


Identifying your edition


Use your web browser to access Aqua Platform, per the instructions provided by Aqua Security.


 If your login screen looks like the screenshot immediately below, you are using one of the SaaS plans. For further information, see SaaS Edition below.



▶ If your login screen looks like the next screenshot (or similarly, if sign-on has been configured for SSO) you are using Enterprise Self-Hosted. For further information, see Enterprise Self-Hosted Edition below.



SaaS Edition


Plans


Your Aqua Platform SaaS account has been provisioned per one of four available plans. Each plan offers a different combination of security-related functionality and/or monthly capacity limits (calculated as Aqua units). In brief, the plans are as follows:

  • Team: Includes both CSPM and container image scanning. This plan is intended for use by small-scale teams.
  • AdvancedIncludes the same functionality as the Team plan, with higher capacity limits. This plan also supports SSO/SAML login. It is intended for use by large-scale teams.
  • EnterpriseProvides the most complete security for cloud-native applications. The Enterprise plan secures your:
    • Build (e.g., containerized application images and serverless functions)
    • Infrastructure (e.g., cloud accounts, workload configurations, and VMs)
    • Workloads (e.g., running containers and serverless functions)


This plan is suitable for enterprise-scale, multiple-team environments. The number of Aqua units can be customized to meet your organization's requirements.


Refer to Aqua Platform Plans & Pricing for more detailed information on the functionality, as well as Aqua unit limits and calculations, for each SaaS plan.



Identifying your SaaS plan


After logging in to Aqua Platform SaaS Edition, you will see the main dashboard. (If you have not initialized your account, you will see a screen titled "Welcome to Aqua Security", which will assist you in performing your first cloud-native integration.) 


The upper right of the screen includes a "person" icon. Clicking it will display your login email address:



Click your email address to see the Plans & Billing screen, which shows your current SaaS plan and utilization of Aqua units. For example:




Mega menu and modules


Functionality in the SaaS Edition is logically grouped into modules. Each module is selectable at any time in the mega menu of the UI. To display the mega menu:

 Click the grid in the upper left corner of the screen. Each menu is shown below:




If the Image Scanning or Workload Protection menu entry is greyed-out, it means that the corresponding module is not available in your plan. You can click Learn More in the menu entry to see information about the module and plan upgrades.


Functionality and documentation


The table below shows which modules are included in each SaaS plan, and includes a high-level description of the functionality in each module. Documentation for the Aqua SaaS plans is found in the Aqua Support Portal. You can click the module names in the header of the table to see the related documentation.


In addition, note the following:

  • Account Management: Basic capabilities are included with the Team plan; more complete capabilities are included with Advanced and Enterprise.
  • CSPM: Basic capabilities are included with the Team plan; more complete capabilities are included with Advanced and Enterprise.
  • Image Scanning: Container image scanning capabilities are included with the Team and Advanced plans. (The Enterprise plan offers more advanced image-scanning capabilities in the Workload Protection module.)
  • Workload Protection: Provides complete security for cloud-native applications (including all functionality of the Image Scanning module); see Plans above. More on documentation:
    • The folder called Workload Protection Essentials provides an overview of Workload Protection functionality. Its main purpose is to provide links to SaaS Edition context-sensitive help articles; links within these articles point to detailed information in the Aqua Enterprise Documentation Portal.
    • For supplementary information, including troubleshooting procedures, go to the Aqua Knowledge Base and click the tile Aqua Enterprise. Most articles pertain to both Enterprise editions: SaaS and Self-Hosted.



Module (click header to see the documentation)
▼ SaaS planAccount Management
CSPMImage ScanningWorkload Protection
TeamUsers and GroupsYESContainer image scanning
AdvancedUsers and Groups, Roles, Permission Sets, SSO/SAML loginYESContainer image scanning
EnterpriseUsers and Groups, Roles, Permission Sets, SSO/SAML loginYES(functionality included in Workload Protection)YES


Context-sensitive help


Most UI screens of the Aqua Platform SaaS Edition have a Get Help icon in the lower right corner. Clicking it will display a window that includes links to documentation topics related to the screen you are viewing. These topics are found in the Aqua Support Portal.



Legacy SaaS offering


Aqua's legacy SaaS offering, Aqua Wave, included the Team, Advanced, and Premier plans. The documentation for the Account Management and Image Scanning modules includes separate folders related to this offering.


Enterprise Self-Hosted Edition


Overview


As described above, the Enterprise Self-Hosted Edition is a comprehensive cloud-native security platform. It is deployed and maintained by you in your own environment. This edition is also referred to as "on-premises" or simply "on-prem".


The functionality provided depends on the products you have obtained; see Add-on products above. A complete set of products provides the same functionality (with minor differences) as the Aqua SaaS Edition Workload Protection module (see above).


Versioning


Unlike the SaaS Edition, Enterprise Self-Hosted Edition deployments are identified by a major version and update number (e.g., 2022.4 Update 3 or 6.5 Update 23) as well as a precise identifier (e.g., 2022.4.98 or 6.5.22216) which includes the major version and the Julian date of the product build. The version identification of your deployment is shown both on the login screen and in the UI under Settings > Licenses. For example:


Documentation


For full documentation, go to the Aqua Enterprise Documentation Portal. (Access to this portal requires a product license for either the Self-Hosted Edition or the Aqua SaaS Edition Enterprise plan.) Use the drop-down version selector, as shown in the following screenshots, to choose the documentation of the same major version as your deployment.


To see documentation for the SaaS Edition Enterprise plan, select the most recent version (e.g., 2022.4 as seen below).




Three options appear at the top of each page:

  • Click Guides to return to the start of the documentation from any page
  • Click API Reference to view REST API documentation (syntax and usage)
  • Knowledge Base: see below


Knowledge base


For supplementary information, including troubleshooting procedures, go to the Aqua Knowledge Base and click the tile Aqua Enterprise. Most articles pertain to both Enterprise editions: SaaS and Self-Hosted.


For further information


For information on Aqua Security and its solution offerings, please visit our website.


The Aqua Success Portal provides access to a wealth of resources related to product usage, education, and support.


The Aqua Security GitHub site contains many repositories related to our open-source projects, product deployments, code samples, and more. Our product documentation and knowledge base contain many links to specific repositories on this site.