Getting started with Cloud Security Watcher

release/20240425
English

Getting started with Cloud Security Watcher

Article Summary

Share feedback

Thanks for sharing your feedback!

Available in VPC

If you have checked the support environment and requirements for Cloud Security Watcher and familiarized yourself with the preparations and glossary, you are ready to start using Cloud Security Watcher. The first thing to do now is to request subscription for the Cloud Security Watcher service. You can request subscription to Cloud Security Watcher and manage your subscription in NAVER Cloud Platform's console.

Request subscription

The following describes how to request a subscription to Cloud Security Watcher:

Access the NAVER Cloud Platform console.
From the Platform menu, click and select VPC.
Click Services > Security > Cloud Security Watcher.
Click the [Request subscription] button.
Read the Terms and Conditions, agree to them, and then click the [Confirm] button.

Caution

The paid products will incur usage fees from the moment of creation even if you haven't actually used it. If you do not want to be charged, you have to cancel or terminate it directly from the console. Please note that the amount charged for not terminating can't be refunded.

Create Cloud Security Watcher

The following describes how to create Cloud Security Watcher.

Click the Services > Security > Cloud Security Watcher menu in NAVER Cloud Platform console one by one in order.
Click the Dashboard menu.
Click the [+ Create CSW] button.
Enter the group information to be created in accordance with the conditions.
- Group name: basic unit that can be checked on the dashboard. Can check assets included in the group
- Administrator ID: dashboard administrator’s ID
- Administrator name: dashboard administrator’s name
- Email: email information that is used to issue a temporary password or find the password
- Manager access IP: the main public IP that allows connection to Cloud Security Watcher dashboard
Click the [Create CSW] button when you've entered all the information.
Check the email sent to the registered email.

Group details screen

The Cloud Security Watcher group details consist of the following:
csw-start_03_groupinfo_en

Area	Description
① Basic features	Features displayed when creating Cloud Security Watcher group [Access dashboard] button: click to access as manager [Change settings] button: click to edit email information or manager access representative IP [Delete CSW] button: click to delete Cloud Security Watcher group
② Cloud Security Watcher details	Displays detailed information about created groups

Set admin account

An admin account is required to access the Cloud Security Watcher manager and use features such as user account registration and use connected accounts. The initial setup of the admin account is as follows.

Check the temporary password issued to the email registered when creating the Cloud Security Watcher group.
From the NAVER Cloud Platform console's Platform menu, click and select VPC.
Click Services > Security > Cloud Security Watcher.
Click the Dashboard menu.
Click the [Access dashboard] button to connect to the manager.
Enter the necessary information to log in.
- ID: admin ID registered when creating the Cloud Security Watcher group
- PASSWORD: temporary password issued to the email when creating the Cloud Security Watcher group
Change the password.
Log in with the changed password.

User account registration

The following describes how to register a user account that can access the Cloud Security Watcher manager.

From the NAVER Cloud Platform console's Platform menu, click and select VPC.
Click Services > Security > Cloud Security Watcher.
Click the Dashboard menu.
Click the [Access dashboard] button to connect to the manager.
Log in with the admin account.
Click the Settings > Basic settings menus, in that order.
Click the [Activate user] tab menu.
Click the [Add] button.
When the Add user pop-up window appears, enter the information for the user account.
Click the [Save] button.
Select a group for the user under the menu [Group] and click the [Grant permission] button.
Grant permission and click [Save] button.

Note

For the user type, check the service user permissions in Cloud Security Watcher concept.

Set access IP

The following describes how to configure access IP for user accounts that are trying to accessing Cloud Security Watcher manager.

Log in to the Cloud Security Watcher manager as an admin.
Click the tap menu Setting > Basic settings > [Activated user].
Click [Edit] of the user account for which the public IP will be set.
Click on the add button under Public IP Setting on User edit page in order to add a public IP.
Click the [Save] button.

Use connected accounts

Cloud Security Watcher manager provides API-based and agent-based multi-cloud environment management and auditing. In order to use the API method, you need to add a connected account. How to add a connected account is as follows.

From the NAVER Cloud Platform console's Platform menu, click and select VPC.
Click Services > Security > Cloud Security Watcher.
Click the Dashboard menu.
Click the [Access dashboard] button to connect to the manager.
Log in with the admin account.
Click the Settings > Basic settings menus, in that order.
Click the [Group] tab menu.
Select the group to add the connected account to.
Click the [+ Add] button in the Connected account menu.
Register the cloud account information to connect.

Caution

The cloud account for which you register should not be the root account with the highest level of permissions, but instead be a user account with the IAM permissions for connection.

How to connect NAVER Cloud Platform accounts

Accounts connected to Cloud Security Watcher are sub accounts created in Sub Account, an account management service of NAVER Cloud Platform.
Cloud Security Watcher supports NAVER Cloud Platform private account connection.
For account connection, specific permission (NCP_ADMINISTRATOR) is required.

Caution

Cloud Security Watcher supports private VPC environments and only supports private account connection. Financial and public account connection will be available on NAVER Cloud Platform financial and public platform.

The following describes how to create a sub account and assign permissions.

Access the NAVER Cloud Platform console.
Click the Services > Management & Governance > Sub Account > Sub Accounts menu, in that order.
Click the [Create sub account] button.
Enter the sub account information.
In the Sub Accounts menu, click the login ID of the created sub account.
Click the [Add] button.
Select and add the NCP_ADMINISTRATOR policy from System Managed policies.
Click the [Access Key] tab menu.
In Sub account details > Policy, click the [Add] button to generate an API authentication key.
Proceed through items 1 to 9 of use connected accounts.
Set the cloud item to NCP.
Enter your account and API authentication key information (Access Key ID, Secret Access Key).

Note
LoginAlias is automatically registered after validation, so no separate input is required.
Click the [Account validation] button.
Once the validation is complete, click the [Save] button.

How to connect Multi Cloud accounts

Connecting the AWS of the Cloud Security Watcher and the Azure cloud account allows you to manage multi cloud asset. Check [Help] on connection by cloud, provided in the Add a connected account and add a connected account.
csw-start_14_multicloud_en

Manage asset

When you register a connected account in the Cloud Security Watcher manager, the cloud assets of the connected account are retrieved using the API method. Depending on your preferences, you can exclude specific assets or re-import them.

Set up asset exclusion

To exclude specific assets from the imported assets:

Log in to the Cloud Security Watcher manager as an admin.
Select Settings > Basic settings > Group.
Select the appropriate group from Group status.
Click on the relevant connected account.
In the account details, click the [Assets] button.
Select the assets to exclude.
Click the [Exclude asset] button.
Select the unmanaged assets of the relevant group from Group status.
You can check the list of excluded assets.

Reset managed assets

The following describes how to re-import excluded assets:

Log in to the Cloud Security Watcher manager as an admin.
Select Settings > Basic settings > Group.
Select the unmanaged assets of the relevant group from Group status.
Select the assets to re-import.
Click the [Move managed assets] button.

Manage subgroup

You can use the Cloud Security Watcher manager to create a subgroup within a group and add assets to perform the management of grouped assets.

Caution

If there is a subgroup within a Cloud Security Watcher group, you cannot delete the group or unsubscribe. If you want to delete the Cloud Security Watcher group, delete all of its subgroups first.

Create subgroup

Take the following steps to create a subgroup.

Log in to the Cloud Security Watcher manager as an admin.
Select Settings > Basic settings > Group.
Select the appropriate group from Group status.
Click the [+ Create subgroup] button.
Specify Group name and Group description.
Click the [Save] button.
You can view the subgroup you've created under Group status.

Add or delete subgroup assets

Take the following steps to add or delete assets in a subgroup.

Log in to the Cloud Security Watcher manager as an admin.
Select Settings > Basic settings > Group.
Select a subgroup to add assets to under Group status.
Click the [+ Add asset] button.
Select an asset to add.
If you click the Region/Resource Group area in the connected account, you can see the added assets.
If you want to delete an asset, select an asset to delete from the asset information of the Asset tab and click the [Delete] button to delete it.

Delete subgroup

Take the following steps to delete a subgroup.

Caution

You must delete all assets in a subgroup to delete the subgroup.

Log in to the Cloud Security Watcher manager as an admin.
Select Settings > Basic settings > Group.
Select a subgroup to delete from Group status.
Click the Region/Resource Group area in the connected account.
Delete all assets from the asset information of the Asset tab.
Make sure no data exists in the connected account.
Click the [Delete] button in Group status.
Make sure the subgroup is successfully deleted.

Install agent

Cloud Security Watcher also supports an agent method for more precise data collection and analysis. In the case of the agent method, the server resource information can be collected by the manager by installing the agent on the server.

The agent specifications provided by Cloud Security Watcher can be found in Prerequisites for using Cloud Security Watcher.
Set the communication permission rules for TCP ports 443 and 8086 in the ACG console outbound rule settings menu on the server where you want to install the agent to allow Manager to collect host information.

Caution

Since the agent plays the role of reading the main information of the system and delivering it to the manager, it must be installed with the super admin account due to system requirements.

Windows version

Access the Cloud Security Watcher manager.
Click the [i] button located at the upper right corner of the Manager.
Download the agent that meets the supported specifications.
Unzip the downloaded file.
Run the CSWHost-install.exe installation file.
Go to Start > Run > services.msc and check if there is a list of agents.

Linux version

Access the Cloud Security Watcher manager.
Click the [i] button located at the upper right corner of the Manager.
Download the agent that meets the supported specifications.
Run Terminal and go to the location where the downloaded file is located.
Enter the following command to copy the agent installation files to the /tmp directory.
```
# cp CSW-<version_name>.tar.gz /tmp
```
Go to the tmp directory.
Enter the following command to unzip the installation file.
```
# tar –zxvf CSW-<version_name>.tar.gz
```
Go to the CSW-<version_name> directory.
Run the following command to install.
```
# ./install.sh
```
AstAgentMon Service Start : press the [Enter] key to end the installation after entering Y in the [Y] input box.
Enter the following command to check the service status.
```
# ps –ef | grep Ast
```

Delete agent

To delete the agent provided by Cloud Security Watcher:

Windows version

Download the same file you downloaded for agent installation.
Unzip the downloaded file.
Run the CSWHost_Uninstall.exe installation file.
Check whether the service has been deleted from the list of services.

Linux version

Download the same file you downloaded for agent installation.
Run Terminal and go to the location where the downloaded file is located.
Enter the following command to copy the agent deletion files to the /tmp directory.
```
# cp CSW-<version_name>.tar.gz /tmp
```
Go to the tmp directory.
Enter the following command to unzip the installation file.
```
# tar –zxvf CSW-<version_name>.tar.gz
```
Go to the CSW-<version_name> directory.
Run the following command to uninstall the agent.
```
# ./uninstall.sh
```
Put Y in all Y/N questions.
Ensure that the processes and directories have been deleted.
```
# ps –ef | grep Ast
```

Cancel subscription

You can cancel the subscription to Cloud Security Watcher from NAVER Cloud Platform console. You can cancel the subscription at any time, but please take note of the billing standard when canceling. The following describes how to cancel your subscription.

Caution

When you delete Cloud Security Watcher, all information, including account information that has been connected, will be lost and cannot be recovered.

From the NAVER Cloud Platform console's Platform menu, click and select VPC.
Click Services > Security > Cloud Security Watcher.
Click the Dashboard menu.
Click the [Delete CSW] button.
Enter the Group information.
Click the [Delete] button.
Click the Subscription menu.
Click the [Product in use] button, and then click [Cancel subscription].
Check the notification in the confirmation pop-up window and click the [Confirm] button.

Was this article helpful?

What's Next

Using Cloud Security Watcher

Table of contents

Request subscription
Create Cloud Security Watcher
Group details screen
Set admin account
User account registration
Set access IP
Use connected accounts
Manage asset
Manage subgroup
Install agent
Delete agent
Cancel subscription