Scan, monitor, and remediate cloud configuration issues with Aqua CSPM (Cloud Security Posture Management). Together with Vulcan Cyber, take your Aqua CSPM data to the next level and automate notifications and ticket system integrations. In this article, you will find how to connect, locate, and automate Aqua CSPM with Vulcan Cyber.
First, log in to the Aqua CSPM Dashboard.
From the dashboard, click on Account Management at the bottom of the left-hand menu and then on API Keys.
Click the Generate Key button and save the resulting API Key and Secret for later use with Vulcan Cyber.
Instructions are here.
The API Secret will no longer be accessible once you close the window.
Log in to your Vulcan Cyber dashboard and navigate to Connectors.
Click the Add a Connector button.
Choose Aqua from the connector list.
Enter the previously saved API Key and API Secret.
Expand the Map Aqua severity to Vulcan numerical score section and enter values appropriate for your needs. Example values are shown below.
Click the Test Connectivity button, and if successful, click the Create button.
If your account is not on a paid plan, you may receive the error "Failed to establish connection with the server. Message: API requests are not supported with the current account plan."
Navigate to the Connectors page; once the Aqua icon shows as Connected, the connection is complete.
Locating Aqua Vulnerabilities in Vulcan Cyber
As Aqua discovers vulnerabilities, the Vulcan Cyber connector imports them for reporting and action. With a large number of assets and potential vulnerabilities, filters make it easy to find specific vulnerabilities by source.
Open the Vulcan Cyber dashboard and navigate to the Vulnerabilities section. Click on the Search or filter vulnerabilities search box, scroll to the Vulnerability Source option, and click to filter by the vulnerability source.
Locate Aqua on the vulnerability source list and click to filter results by Aqua.
Click on any vulnerability to view further information and, if needed, take action by clicking the Take Action drop-down and choosing an option, as shown below. Comprehensive vulnerability details are also available, as shown below.
Finding Aqua Cloud Resource Assets in Vulcan Cyber
To quickly locate all synced Cloud Resource assets from Aqua, use the Assets tab in Vulcan Cyber.
Open the Vulcan Cyber dashboard and navigate to the Assets section. Once there, click on the Cloud Resources tab.
Click on the Search or filter Cloud Resources input box and select Connector from the drop-down selection.
Next, scroll down the resulting connector list to locate and click on the Aqua option to view all synced Aqua Cloud Resource assets.
Automating Aqua Vulnerability Actions in Vulcan Cyber
Large environments quickly become unmanageable if constant manual attention and action are necessary to remediate vulnerabilities. Take advantage of the automation capabilities of Vulcan Cyber and the Aqua connector.
Open the Vulcan Cyber dashboard and navigate to the Automation section. Once there, click the Create new Playbook button.
First, give your automation playbook a name; here the name given is "Assign Critical Aqua Vulnerabilities to Email".
Choose Aqua as the source of vulnerabilities and add the "risk is critical" vulnerability condition, leaving the rest as defaults.
Click the Assign via Email button as the Remediate Action.
Choose how the separation of tickets is handled; here, up to 200 vulnerabilities are aggregated into a single email. Then add the recipient emails to be notified.
Leave all other steps as default and click on Save and Run.