Remediating Cloud Misconfigurations
TotalCloud provides visibility and continuous security across all of your cloud environments. It continuously discovers resources, then assesses and reports resource misconfigurations by checking compliance against the respective CIS Benchmark and Best Practices policies provided out of the box.
TotalCloud provides you with information on resource misconfigurations. With the remediation feature, you can now:
- Remediate resource misconfigurations
- Perform actions on cloud resources
You can remediate your AWS, Azure, and GCP resource misconfigurations.
By default, the remediation feature is enabled only for Activated TotalCloud users.
Pre-requisites
Ensure that you have the following modules available in your subscription:
- Activated TotalCloud Subscription
- Administration
If you need access to a module, please contact your Qualys Technical Account Manager (TAM).
A user with the Manager role, or a sub-user with the Manage Remediation permission, can use the remediation feature. For more information on configuring access for remediation, see Managing Remediation Permission.
Configuring Remediation
In addition to detecting and evaluating cloud resources, you can now remediate them, quickly fixing resource misconfigurations in your cloud environment.
With remediation enabled for the connectors, TotalCloud provides a one-click remediation option as it discovers and evaluates resources. We will walk you through the steps.
Step 1. Configure Connectors For Remediation
Configuring connectors for remediation involves two steps: enable remediation for the connector, and then assign write access for the connector.
The detailed steps for each cloud provider: AWS | Microsoft Azure | GCP
Step 2. Remediating Cloud Resources
The Posture tab lists the controls that are available for remediation and the count of failed evaluations that could be remediated.
Step 3. Actions for Cloud Resources
The Resources tab provides actions that you can execute on instances to quickly address unknown behavior of an instance or a vulnerability on an instance.
What's More!
Remediable Control List: AWS | Microsoft Azure | GCP