Using Cloud Security Watcher
- Print
- PDF
Using Cloud Security Watcher
- Print
- PDF
Article Summary
Share feedback
Thanks for sharing your feedback!
Available in VPC
You can access the Cloud Security Watcher dashboard, and monitor and evaluate the resources of multi-cloud environment.
Dashboard screen
The Cloud Security Watcher manager dashboard is the first screen after login where you can view the agent status and security information at a glance. Each dashboard information item is connected to relevant menu pages and you can check statistics for each period.
| Area | Description |
|---|---|
| ① 24-hour change status monitoring | Menu arranged on an upper end of the dashboard |
| ② Service use status | Use status of group, cloud, Region information, VPC/VNet, Subnet, and so on the cloud service in use |
| ③ Host status | Total host status of the cloud service in use |
| ④ OS status | The status of the OS installed on the cloud service in use |
| ⑤ Firewall operation status | Total firewall operation status of the cloud service in use |
| ⑥ Server status | Server status registered in the cloud service |
| ⑦ Security topology | Topology created based on information per network of host |
| ⑧ Resource monitoring real-time notification | Details of notifications for danger and caution of host status for each threshold value designated when setting policies for hosts registered in the cloud service |
| ⑨ Firewall real-time blocking log | Latest notification list that have occurred for blocking of firewall of hosts registered in the cloud service |
Assets
The Assets of Cloud Security Watcher manager provides asset information of each cloud and host and log information that has occurred by the preset application monitoring policies. Access to the desired assets tab (assets monitoring, host monitoring, application monitoring, assets status, details for each asset, remote script management). Through the group selection, the monitoring details for each menu are provided.
Asset monitoring
Through the main dashboard, summary information on the creation for 24 hours, deletion, creation of Auto Scaling, deletion of Auto Scaling and the like is provided.
| Area | Description |
|---|---|
| ① Assets for each cloud | Check the type and number of all cloud platforms registered in the system |
| ② Asset | Display the total quantity of NACL, ACG, Host, and so on registered in the cloud service |
| ③ Host status | Arrange and display the types of each server status of the cloud platform in graphs |
| ④ OS | Display the status of the OS installed on the host in graphs |
| ⑤ Operation status | Display the operation status of the cloud platform in numbers |
| ⑥ Fluctuations | Display the fluctuations of number of cloud hosts and number of each asset type in graphs |
Host monitoring
Provides the host change history information.
| Features | Description |
|---|---|
| Host monitoring summary | Check the number of creations, deletions, and changes of all hosts and Auto Scaling groups of the selected group |
| Group summary | Display the number of creations, deletions, and changes of host and Auto Scaling for the same group |
| Host summary for each VPC | Display the number of creations, deletions, and changes of host of each and every VPC of the same group |
| Occurrence fluctuations | Display the number of creations, deletions, and changes of host and VPC in the group for a certain period in graphs |
| Details | Check details of group of host, cloud, VPC, and so on |
Application monitoring
Provides log information generated in the application policies.
| Features | Description |
|---|---|
| Application monitoring summary | Check the number of creations, deletions, and changes of host set for application monitoring in the group |
| Summary of TOP 5 of application monitoring | Display of TOP 5 with the most events among the preset monitored subjects |
| Occurrence fluctuations | Check the total number of cases with application monitoring generated for a certain period for each fluctuation |
Asset status
Provides the status of total assets.
| Features | Description |
|---|---|
| Host operation status | Check the number of creations, deletions, and changes of host with application monitoring allocated in the group |
| Agent status | Check the status information (normal, error, and so on) of installed agent |
| Firewall status | Check the status information (normal, error, and so on) of installed firewall |
| Host type | Check the suspension and operation status of host type |
| Host OS | Check the OS information of host |
| Asset Details | Display the detailed status information of registered assets (group, VPC, asset name, agent status, and so on) |
Details per asset
Provides the status of total assets.
| Features | Description |
|---|---|
| Detailed information tree of assets | Check the asset information tree structure per cloud |
| Basic information | Check the group, cloud, VPC information of selected host and the number of policies of firewall |
| Connection subject | Check the Subnet connected to NACL and IP information |
| Inbound policies and Outbound policies | Display all firewall policies of relevant assets preset |
Remote script management
Provide a function to register and manage scripts to check the assets and host.
| Features | Description |
|---|---|
| Project management | Deploy and run script files to subject group and host |
| Project results | Provide detailed information to promoted projects |
Account
In the Account of Cloud Security Watcher manager, you can check the account status history information of cloud account and host.
Account monitoring
Provides information on the account of cloud and host.
| Area | Description |
|---|---|
| ① Display 24-hour change status graph | Display information such as account monitoring fluctuations graphs for 24 hours, recent creation details, recent deleted details, and recent login details |
| ② Cloud account status | Display the quantity of account used in the cloud in graphs |
| ③ Vulnerabilities of cloud account | Display the status of vulnerabilities status of cloud account such as safe and vulnerable in graphs |
| ④ Host account and login status | Display the access account quantity for each host in graphs |
| ⑤ Cloud account fluctuations status (24H) | Display the number of creations, changes, deletions, and logins for the account for accessing the cloud service |
| ⑥ Host account fluctuations status (24H) | Display the quantity, number of creations, changes, deletions, and logins of account of host used in the cloud |
| ⑦ Fluctuations | Display the fluctuations of all information shown in the main in graphs |
Account monitoring details
Provides detailed information on the account of cloud and host.
| Features | Description |
|---|---|
| Cloud account | Check the details of cloud account monitoring |
| Host account | Check the details of host account monitoring |
Cloud account
Provides all account information of each cloud for the selected host.
| Features | Description |
|---|---|
| Group status | Check the all group information of each cloud |
| User account | Check the all account information of each cloud |
| Change in accounts | Check the all change in accounts information of each cloud |
| Login history | Check the login history information on the cloud account |
| Console task history | Check the console task history on the cloud account |
Host account
Provides the host account status information.
| Features | Description |
|---|---|
| Account status | Check the host account information |
| Change in accounts | Check the host account change information |
| Login history | Check the login history information on the host account |
Compliance
The Compliance of Cloud Security Watcher manager provides resource vulnerability detection and diagnosis status information based on major compliance.
| Area | Description |
|---|---|
| ① Vulnerabilities diagnosis dashboard | Provides real-time vulnerabilities diagnosis dashboard |
| ② Total diagnosis item summary | Check the diagnosis item ability results of selected project |
| ③ TOP 10 vulnerabilities items | Check the TOP 10 of each number of entity among the generated vulnerabilities items |
| ④ Vulnerability status by category | Checks the diagnosis severity of vulnerabilities generated based on the major classification and provides a comparative analysis function with execution check results |
| ⑤ Fluctuations with generation of vulnerabilities | Check the vulnerabilities fluctuations generated in the results of the recent 10 project diagnoses |
| ⑥ Tab for each diagnosis status | Check the details such as diagnosis items, not processed, and completely processed, and so on. |
| ⑦ Action status | Check the status of generated entities of vulnerabilities (not allocated, during action, action completed, completely excluded) |
| ⑧ Work status per person in charge of action | Check the work status of users designated for and granted the charge of action in project |
| ⑨ My work status | Check the work status granted to the relevant project of the logged-in user |
Diagnosis of vulnerabilities
Provides detailed information on the diagnosed project.
| Features | Description |
|---|---|
| Project | Manage the diagnosis and results on the project currently registered |
| History | Check the diagnosis history of all projects |
| Exception management | Check the exceptional entities of project where the user is designated as the person in charge of permissions for exceptions among all projects |
| My task management | Classify and check in accordance with the work type allocated to the user |
| Cloud account status | Check the cloud account status registered on the compliance diagnosis project |
Compliance management
You can check the compliance used for detecting and diagnosing vulnerabilities and creating, editing, and deleting custom versions.
| Features | Description |
|---|---|
| Add compliance | Create new custom compliance |
| Compliance list | Check the currently registered compliance types |
| Compliance type | |
| Compliance details | Check the detailed items on compliance |
Project management
You can create, edit, and delete projects used for detecting and diagnosing vulnerabilities.
| Features | Description |
|---|---|
| Add project | Creates new project |
| Project task | Edit and delete projects |
Compliance report
Provides the functions to check and output report of results executed in the vulnerabilities diagnosis menu.
| Features | Description |
|---|---|
| Creation report list | Check the result report created when diagnosing the manual/cyclical projects and the summary results |
| Report output options | Select reports and custom reports |
Firewall
The Firewall of Cloud Security Watcher manager provides the functions to check the cloud server, network firewall policy operation status, blocked TOP log and security topology.
Firewall management
Provides the host account status information.
| Area | Description |
|---|---|
| ① 24-hour change status | Check the firewall status information of cloud and host |
| ② Total status | Check the number of all firewalls in the group and the number of rules for each of NACL, ACG, and HFW |
| ③ Firewall changes | Display the changed figures of creation and deletion of firewalls and subject quantity of firewall policies in graphs |
| ④ Changes in the number of firewall policies | Display the changed figures of policies of each firewall and subject quantity of firewall policies in graphs |
| ⑤ Firewall operation status | Display the number of units in operation for each cloud platform, VPC, and firewall, and indicate each quantity |
| ⑥ Security topology | Automatically create a diagram analyzed based on information for each host and network |
| ⑦ Top 10 blocked | Display the number of cases blocked the most within 24 hours |
| ⑧ Blocking history | Display the blocking history within 24 hours |
Firewall monitoring
Provides log status information generated in the firewall policies.
| Features | Description |
|---|---|
| Firewall policy monitoring summary | Check the number of all firewalls in the group and the number of rules for each of NACL, ACG, and HFW |
| Firewall policy monitoring Top 5 | Check the Top 5 with the most number of cases of creation, deletion, and change among the total firewall assets during a period |
| Occurrence fluctuations | Check the status information of creation, deletion, and change of firewall policies during a period in graphs |
| Details | Check the detailed change history of firewall policies during a designated period |
NCP firewall
Provides the network information of NAVER Cloud Platform VPC and the NACL and ACG status.
| Features | Description |
|---|---|
| NACL | Check the topology of VPC and firewall policies |
| ACG | Check the information of policies for permitting and blocking for each ACG and edit the policies |
AWS firewall
Provides the AWS network information and NACL status
| Features | Description |
|---|---|
| NACL | Check the topology of VPC and firewall policies |
| SG | Check the information of policies for permitting and blocking for each SG and edit the policies |
Azure firewall
Provides the network information and firewall status of Azure VNet.
| Features | Description |
|---|---|
| Azure Firewall | Check the topology of VNet and firewall policies |
| Firewall Manager | Check the information of policies for permitting and blocking for each Azure Firewall Manager and edit the policies |
| NSG | Check the information on the network security group and edit the policies |
| ASG | Check the information on the Application security group and edit the policies |
HFW
You can see HFW firewall policies and network status information.
| Features | Description |
|---|---|
| Host information within VPC | Select the cloud and the VPC/VNet and check the VPC network information and Private IP and the number of policy rules |
| Security topology | Check the position of the relevant host |
| Inbound policies, Outbound policies | Check the Inbound policies and Outbound policies of the selected host and edit and apply policies |
- In some servers, you need additional settings for activating the HFW functions in accordance with detailed OS settings.
Note
The measures to activate HFW are as follows:
- Linux OS: disable the firewalld / ufw process, and then install the Agent
- Windows OS: activate the Windows basic firewall, and then install the Agent
Firewall status by host
You can see the host's status, firewall policies, and network status information.
| Features | Description |
|---|---|
| Host list information | Check the host list information of the selected VPC |
| NACL information | Check the NACL information connected to a selected host |
| ACG information | Check the ACG information connected to a selected host |
Template
Provides a function to set the Inbound and Outbound policies templates in advance.
| Features | Description |
|---|---|
| Add template | Create template in the selected cloud |
| Add Policy | Set the rules, type, protocol, port range, source, and act |
| Select NACL | Import the policies registered on the NACL |
Integrity
The Integrity of Cloud Security Watcher manager provides log information generated by subjects and policies applied to the set integrity monitoring policies.
Integrity monitoring
You can see the list of hosts where the integrity monitoring configuration is created and monitoring history status.
| Area | Description |
|---|---|
| ① Monitored subject | Display the quantities of the hosts to be monitored and the hosts not to be monitored among all the hosts in graphs |
| ② Integrity detection host | Display the quantities with integrity detection generated in the hosts to be monitored in graphs |
| ③ Number of cases of integrity monitoring | Display the number of cases of integrity monitoring and detection during 1 month in graphs |
| ④ Change status | Display the history information of creation, deletion, and change of each group of hosts to be monitored within 24 hours |
| ⑤ Top 10 hosts for integrity monitoring | Display the host information of top 10 hosts with the most cases of integrity monitoring and detection |
| ⑥ Real-time integrity monitoring | Display the hosts where integrity monitoring and detection have occurred in real time |
Real-time monitoring
Provides integrity monitoring logs generated during a designated period by detected file and directory.
| Features | Description |
|---|---|
| Search features | View the number of cases detected by inputting integrity detection files |
| Select period | Manually designate the date range |
| Deactivate the filter | Reset the selected period settings, search criteria, and so on |
| Settings of number of listed items | Designate the total number of items in a page of a table list |
| Excel down button | Convert the logs of criteria searched in the type of Excel files |
Monitoring by file
Provides the integrity monitoring log by file generated during a designated period by host name.
| Features | Description |
|---|---|
| Search features | Enter the host name and view the number of cases detected |
| Select period | Manually designate the date range |
| Deactivate the filter | Reset the selected period settings, search criteria, and so on |
| Settings of number of listed items | Designate the total number of items in a page of a table list |
| Excel down button | Convert the logs of criteria searched in the type of Excel files |
Status
The Status of Cloud Security Watcher manager provides the quantity information of warnings and cautions of host status for each threshold value set up by the policy.
Status monitoring
You can see the list of hosts where the integrity monitoring configuration is created and monitoring history status.
| Area | Description |
|---|---|
| ① Quantity by status | Display the status generated in the hosts as the quantity of warnings and cautions in graphs |
| ② Host by status | Display the quantity of hosts with status monitoring generated |
| ③ 24H status monitoring | Display the number of notifications occurred within 24 hours and the quantity of host where the notifications occurred |
| ④ Operation status | Diaplay the status of hosts by status in each group in graphs |
| ⑤ Real-time status monitoring alarm | Display a status history about the details of the recent notification |
| ⑥ Monitoring of real-time service changes | Display the status of real-time service changes |
Resource monitoring status
Display the information of hosts set up in Settings > Status monitoring settings
| Features | Description |
|---|---|
| Resource | Display CPU, Memory, SWAP, and DISK usage thresholds based on the set status monitoring |
| Network | Display status monitoring information in the network, including the network traffic and cumulative transmission of host |
| Process | Display monitoring information by resource of the process registered in the host |
| Port | Display service type, protocol, port number, and so on which is registered in the host |
| Url | Display the threshold and response time to reach the registered URL address |
| Ping | Display the results of a communication detection test that attempts to Ping the designated host |
Resource status by host
Provides detailed information on the host that installed the agent.
| Features | Description |
|---|---|
| Overview | Display the status information of the selected host |
| CPU | Display CPU usage rate during a set period of time for host where the agent is installed |
| MEM | Display memory usage rate during a set period of time for host where the agent is installed |
| Disk | Display disk usage rate during a set period of time for host where the agent is installed |
| Network | Display network usage traffic during a set period of time for host where the agent is installed |
| Process | Display CPU and memory usage rate of the process registered in the status monitoring settings menu |
| Notification | Display notifications that occur when the threshold set in the status monitoring settings menu is exceeded |
Resource notifications
Provides a consolidated log of resource notifications generated by status monitoring settings.
| Features | Description |
|---|---|
| Search features | Enter the host name and view the number of cases detected |
| Select period | Manually designate the date range |
| Deactivate the filter | Reset the selected period settings, search criteria, and so on |
| Settings of number of listed items | Designate the total number of items in a page of a table list |
| Excel down button | Convert the logs of criteria searched in the type of Excel files |
Monitoring of service changes
Provides the real-time information of creation/deletion/change detected for processes and ports used by the host where the agent is installed.
| Features | Description |
|---|---|
| Service monitoring summary | Display the number of Processes and Ports that have changed |
| Group summary | Display monitoring information by group |
| Host summary by VPC/VNet | Display monitoring information by VPC/VNet |
| Occurrence fluctuations | Display the number of service changes in graphs |
| Details | Display the detailed information of service changes |
Status of all processes and ports
Provides all process and port information for the host where the agent is installed.
| Features | Description |
|---|---|
| All Process | Display cloud, private IP, process name, process status, CPU, and so on which is by host |
| All Open Port | Display policy type, group, cloud, protocol, port, and so on which is by host |
Event
The Event in the Cloud Security Watcher manager provides event information that occurred on the host set in Settings > Alert settings, Log monitoring settings.
Alert
Provides event information of the AWS host where the Alert is set.
| Area | Description |
|---|---|
| ① All Alerts | Displace all Alerts that occurred during a set period of time |
| ② Details | Displays detailed information about generated Alerts |
System log
Provides system log information set up on the host where the agent is installed.
| Features | Description |
|---|---|
| System log information | Display details classified by log type and level |
Firewall log
Provides firewall log information set up on the host where the agent is installed.
| Features | Description |
|---|---|
| Firewall log information | Display the allow/block policy log information of firewall |
Task
The Task of Cloud Security Watcher manager provides cloud asset change the task conducted through the manager in a designated period and detailed task information on the activities of the manager.
Task history
Provides detailed information by classifying the changes in the cloud service due to the Cloud Security Watcher manager tasks into succeeded, failed, and proceeding.
| Features | Description |
|---|---|
| ① Select period | Set search period |
| ② Cloud | Select cloud service |
| ③ Run time | Display the run time for conducting the task |
| ④ Status | Display the task conducted in relation to cloud service through manager as succeeded or failed |
| ⑤ Download Excel file | You can download Excel files so that the task history of a designated period can be separately stored |
| ⑥ View details | Display the detailed popup windows when there is additional information for tasks conducted for the cloud service |
Activity history
Provides all history and details and the like on the activities such as login history and addition and deletion of user/group conducted in the Cloud Security Watcher manager.
| Features | Description |
|---|---|
| ① Select period | Set search period |
| ② Task history | Display the history of activity inside from when the user accesses the manager |
| ③ View details | Display the detailed activity history on the items excluding the login/logout succeeded details |
| ④ Download Excel files | You can download Excel files so that the Active history of a designated period can be separately stored |
Note
The maximum view period by each menu is set to the last 3 months (90 days). You can download in Excel file to extract activity logs, including task history, for separate archiving.
Report
The Report of Cloud Security Watcher manager provides reports that are generated based on the settings in Settings > Set reports.
Regular report
Provides reports created monthly/weekly/daily.
| Area | Description |
|---|---|
| Monthly report | Provide a list and file of monthly report created |
| Weekly report | Provide a list and file of weekly report created |
| Daily report | Provide a list and file of daily report created |
Report by period
Provides a feature where dates can be selected to create a report for the period.
| Features | Description |
|---|---|
| Select group | Display a report for the selected group |
| Create reports button | After specifying the dates, click Create button to create a report by period |
| Report button | Provide visualizations of all data in CSW, including asset status, account status, account monitoring, and so on which is in the form of charts |
Notification settings
In the Notification settings of Cloud Security Watcher manager, you can set to in real time provide email and screen notification when a resource change history of a specific criteria has been detected. The following describes how to set up the notification:
- Click User icon.
- Click [Notification settings].
- Select a desired notification function.
Note
In the Notification reception exception tab, you can select a VPC or host to be designated as an exception.
Was this article helpful?