Skip to content
This repository has been archived by the owner on Jan 13, 2025. It is now read-only.
/ cspm-to-aws-s3-for-quicksight Public archive

This is an data transfer out of CheckPoint CSPM over to AWS S3 for display as time series data in Quicksight

License

Apache-2.0 license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

BCDevOps/cspm-to-aws-s3-for-quicksight

BranchesTags

Repository files navigation

cspm-to-aws-s3-for-quicksight

This Repository is used to deploy a Dashboard solution for the Cloudguard Protected Assets. Those Dashboards offer a time series view using AWS Quicksight.

architecture

It deploys:

  • AWS

    • S3 Bucket for the data
    • Importation Lambda
    • Transformation Lambda
    • Quicksight data source
    • Quicksight user management
    • Quicksight groups management

  • Keycloack

    • Create the client roles for AWS
    • groups management

How to deploy

Quicksight terraform module being still in progress many API action aren't available yet.
This version of the code integrate as much as possible but many manual action are still left to do.

Please follow this procedure for new account deployement until a better integration terraform ticket

1. Export the necessary variable:
    - AWS credential of the main account
    - AWS Credential of the management account (see variable for more detail)

2. Make sure the Parameter Store entry : `/cloudguard_dashboard/cloudguard_api_keys` is created in the `Operations` account (Example: {"apiKeyId":"<Your_cloudGuard_api_secret>", "apiKeySecret":"<Your_cloudguard_api_secret>"})
    
3. Terraform apply (on first execution quicksight data source creation will fail.)

4. Coonect to AWS Quicksight and launch the service for the account:
    - Subscribe to Entreprise
    - Select region:"ca-central-1"
    - Select Authentication Method: "Use IAM federated identities only"
    - Enter a Name: "CSPM-Dashboard" 
    - Enter a notification Email Adress: ""
    - Select IAM Role: "CloudGuardQuicksightserviceRole"
    - Finish


6. Execute the terraform a second time.

7. Now the DataSource is created in Quicksight, You can now create a new dataset and use "CSPM Assets list by type and account", and with this dataset create a new analyses.
Attention: Change the type of account id, Indeed the account id is labelled as a integer but it's a string. You need to change it on the data prview.  
Also, you need to add the shceduled refresh for Quicksight to import the new data everyday.

8. **BEWARE** On the first execution the Dashboard must be link with the Authors and Admins groups. <Dashboard> -> <Share> -> <select "authors" and "admin">

Please note

The CSPM API provide a greater list of assets than the Web UI. A filter has been created in Quicksight to render the same view.

Here is the list of assets not refderenced in CSPM:

  • IAM policy
  • Subnet
  • Security group
  • NACL
  • event rule
  • IAM Account summary
  • VPC flowlog
  • metric alarm
  • ?? Internet Gateway
  • EIP
  • AMI
  • sns subscription
  • auto scaling group
  • elastic cache
  • VPC Peering connection

About

This is an data transfer out of CheckPoint CSPM over to AWS S3 for display as time series data in Quicksight

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

1 fork
Report repository

Releases 1

v1.0 Latest
Nov 14, 2022

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages