Qualys CloudView User Guide

CloudView User Guide
June 09, 2021

Copyright 2019-2021 by Qualys, Inc. All Rights Reserved.

Qualys and the Qualys logo are registered trademarks of Qualys, Inc. All other trademarks are the property of their respective owners.

Qualys, Inc.
919 E Hillsdale Blvd
4th Floor
Foster City, CA 94404
1 (650) 801 6100

Table of Contents

About this Guide (p. 7)
  About Qualys (p. 7)
  Qualys Support (p. 7)
CloudView Overview (p. 8)
  Qualys Subscription and Modules required (p. 8)
  Concepts and Terminologies (p. 9)
Get Started (p. 10)
  AWS (p. 10)
  Steps to Create AWS Connector (p. 10)
  Base Account (p. 16)
  Base Account Configuration in AWS Console (p. 18)
  Permissions for Fargate Profile (p. 19)
  Editing AWS Connectors (p. 21)
  AWS Resource Inventory (p. 21)
  Microsoft Azure (p. 24)
  Pre-requisites (p. 24)
  Steps to Create Azure Connector (p. 25)
  Configuration Steps on Microsoft Azure console (p. 27)
  Editing Microsoft Azure Connectors (p. 35)
  Azure Resource Inventory (p. 35)
  Google Cloud Platform (p. 37)
  Steps to Create GCP Connector (p. 37)
  Assign Service Account to other projects (p. 42)
  Editing GCP Connectors (p. 43)
  GCP Resource Inventory (p. 43)
  Enable-Disable Connectors (p. 44)
  Disable Connector (p. 44)
  Enable Connector (p. 44)
  Managing Connector Access for Users (p. 46)
  User Permissions (p. 46)
  New Users: Scope and Permissions (p. 47)
  Create User (p. 47)
  Assign Role to Users (p. 48)
  Manage Access for Users (Grouping Connectors) (p. 49)
  Manage Access for Users (p. 51)
  Defining Scope for Existing Users (p. 53)
  Sub User (All Privileges) (p. 54)
  Sub User (Reader Privileges) (p. 57)
Securing Cloud Resources (p. 59)
  Dashboard (p. 59)
  Resources Details (p. 60)
  Instance Details (p. 61)
  Vulnerability Details for Instances (p. 61)
  Drill down to Vulnerability Details for Instances (only for AWS) (p. 64)
  View Security Group Information (p. 65)
  Resources Misconfigurations (p. 67)
  Search Using Resource Parameter Information (p. 71)
  Search Policy Controls (p. 72)
  Exceptions (p. 75)
  Create Exception (p. 75)
  View Exceptions (p. 80)
  Edit Exceptions (p. 80)
  Delete Exceptions (p. 81)
  Exception History (p. 81)
  Exception Status (p. 81)
  Policies and Controls (p. 83)
  Customize Controls (p. 83)
  Control Criticality (p. 83)
  System Controls (p. 85)
  User-Defined Controls (p. 85)
  Copy Control and Customize (p. 85)
  Build Your Own Policy (p. 87)
  System Defined Policy (p. 87)
  Set Up Your Own Policy (Custom Policy) (p. 87)
  Policy Search (p. 89)
  Associating Controls (p. 89)
  Reports (p. 90)
  Assessment Reports (p. 90)
  On-Screen Reports (p. 93)
  Mandate Based Reporting (p. 93)
  Policy Based Report (p. 97)
  List of Mandates (p. 100)
Responses (p. 102)
  Configure Rule-based Alerts (p. 102)
  Create and Manage Actions (p. 103)
  Create a new Action (p. 103)
  Manage Actions (p. 104)
  Create and Manage Rules (p. 104)
  Create New Rule (p. 104)
  Manage Rules (p. 106)
  Manage Alerts (p. 106)
  Sample Queries (p. 106)
  Trigger Criteria (p. 107)
  Alerting Permissions (p. 108)
Remediating Cloud Resources (p. 110)
  Configuring Remediation (p. 110)
  Pre-requisites (p. 110)
  Configure Remediation for New Connectors: AWS (p. 111)
  Enable Remediation for New Connectors (p. 111)
  Configuration on AWS Console (p. 112)
  Enable Remediation for Existing AWS Connectors (p. 114)
  Configure Remediation: Microsoft Azure (p. 115)
  Pre-requisites (p. 115)
  Enable Remediation for New Azure Connectors (p. 115)
  Configuration on Microsoft Azure Console (p. 116)
  Enabling Remediation for Existing Azure Connectors (p. 117)
  Configure Remediation: GCP (p. 117)
  Enable Remediation for New GCP Connectors (p. 117)
  Configuration on GCP Console (p. 118)
  Enabling Remediation for Existing GCP Connectors (p. 120)
  Viewing Remediation Activity (p. 121)
  Remediation Activity: AWS (p. 121)
  Remediation Activity: Microsoft Azure (p. 122)
  Remediation Activity: GCP (p. 122)
  Remediating Cloud Resources (p. 123)
  Remediable Evaluations (p. 123)
  Actions for Cloud Resources (AWS) (p. 125)
  Stop Instance (p. 125)
  Remove IAM Profile (p. 126)
  Permissions Required (p. 127)
CloudView APIs (p. 130)
  Accessing APIs Using Swagger (p. 130)
What's more in CloudView (p. 132)
  Automatic Connector Creation (p. 132)
  Role-based Access Management (p. 132)
  Download Datalist (p. 135)
  Choosing Data Range (p. 136)
  Saved Search (p. 136)
  Customize Dashboards (p. 138)
  How to Take Action (p. 138)
  Adding custom widgets (p. 138)
  Refresh your view (p. 140)
  Configure number of Resources, Controls (p. 140)
Appendix: List of Policies and Controls (p. 141)
  AWS Policies (p. 142)
  CIS Amazon Web Services Foundations Benchmark (p. 142)
  AWS Best Practices Policy (p. 144)
  AWS Lambda Best Practices Policy (p. 147)
  AWS Database Service Best Practices Policy (p. 149)
  Azure Policies (p. 152)
  CIS Microsoft Azure Foundations Benchmark (p. 152)
  Azure Best Practices Policy (p. 156)
  Azure Function App Best Practices Policy (p. 158)
  Azure Database Service Best Practices Policy (p. 159)
  GCP Policies (p. 161)
  CIS Google Cloud Platform Foundation Benchmark (p. 161)
  GCP Best Practices Policy (p. 165)
  GCP Cloud Functions Best Practices Policy (p. 166)
  GCP Kubernetes Engine Best Practices Policy (p. 166)
  GCP Cloud SQL Best Practices Policy (p. 167)

About this Guide

Welcome to Qualys CloudView! We'll help you get acquainted with the Qualys solutions for securing your AWS, Azure, and GCP resources using the Qualys Cloud Security Platform.

About Qualys

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses simplify security operations and lower the cost of compliance by delivering critical security intelligence on demand and automating the full spectrum of auditing, compliance and protection for IT systems and web applications.

Founded in 1999, Qualys has established strategic partnerships with leading managed service providers and consulting organizations including Accenture, BT, Cognizant Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a founding member of the Cloud Security Alliance (CSA). For more information, please visit www.qualys.com

Qualys Support

Qualys is committed to providing you with the most thorough support. Through online documentation, telephone help, and direct email support, Qualys ensures that your questions will be answered in the fastest time possible. We support you 7 days a week, 24 hours a day. Access online support information at www.qualys.com/support/.

CloudView Overview

Qualys CloudView provides visibility and continuous security across all of your cloud environments.

With CloudView you'll get these features:
- Discover assets and resources across all regions from multiple accounts and multiple cloud platforms
- Search resource metadata, view resource details and show associations across resources
- Out-of-box AWS, Azure, GCP policies
- Continuously assess and report resource misconfigurations by checking against the controls from out-of-box policies
- Build your own policies and customize controls to suit your need
- Ability to view, filter and export misconfigurations

Qualys Subscription and Modules required

Check that you have these modules available in your subscription:
- CloudView
- Vulnerability Management (only if you want to view host vulnerability information)
- AssetView
- Cloud Agents for VM
- Administration

If you need access to a module, please contact your Qualys Technical Account Manager (TAM).

Concepts and Terminologies

Get familiar with common terms used in CloudView.

Concept    Description
Policy     A set of configurat