Cloud Workload Discovery 4.5.0 Product Guide - Rev B


  • Product Guide
    Revision B

    Cloud Workload Discovery 4.5.0
    For use with McAfee ePolicy Orchestrator

  • COPYRIGHT

    2017 Intel Corporation

    TRADEMARK ATTRIBUTIONS

    Intel and the Intel logo are registered trademarks of the Intel Corporation in the US and/or other countries. McAfee and the McAfee logo, McAfee ActiveProtection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, McAfee Evader, Foundscore, Foundstone, Global Threat Intelligence, McAfee LiveSafe, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee TechMaster, McAfee Total Protection, TrustedSource, VirusScan are registered trademarks or trademarks of McAfee, Inc. or its subsidiaries in the US and other countries. Other marks and brands may be claimed as the property of others.

    LICENSE INFORMATION

    License Agreement

    NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


  • Contents

    Preface
        About this guide
            Audience
            Conventions
        Find product documentation

    1 Product overview
        Security management of your cloud assets made easy
        Key features
        Components and what they do
        Cloud Workload Discovery packages and McAfee suites

    2 Configuring the cloud accounts
        Configuring an AWS cloud account
            Create an AWS user
            Create a user permission policy
            Assign the policy to a user
            Create an IAM role with flow logs for your AWS account
            Register an AWS account
        Configuring Microsoft Azure cloud accounts
            Create an application in the Microsoft Azure console
            Where to find Subscription ID, Tenant ID, and Client ID
            Configure client key
            Set delegated permissions
            Assign the application to your subscription
            Register a Microsoft Azure account
            Register Microsoft Azure classic account
        Register a VMware vSphere account
        Register an OpenStack cloud account
        Registered cloud account details
            Virtual machine details for AWS cloud account
            Virtual machine details for Microsoft Azure account
            Virtual machine details for VMware vCenter account
            Virtual machine details for OpenStack account

    3 Managing policies with McAfee ePO
        Cloud Workload Discovery policies on McAfee ePO
        Where to find policies
        Create a new firewall policy
        Create a new assessment policy
        Assign custom policies to systems in your network

    4 Visualization of your cloud accounts
        Problems or issues with your firewall settings or traffic
        Viewing account properties
        Viewing security group information for your instance
        Viewing threat prevention details on your instance
        Viewing intrusion prevention details on your instance
        Viewing application control details on your instance
        Viewing change control details on your instance
        Viewing volume encryption details for your instance
        Traffic details for your instance
        Instance properties
        Apply McAfee ePO tags to VMs in your network
        Automatic responses
            Set up automatic responses

    5 Remediation
        Activate missing protection with few clicks
            Install McAfee Agent on your instances
            Install McAfee VirusScan
            Install McAfee MOVE AntiVirus
            Install McAfee Host Intrusion Prevention on your instances
            Install McAfee Application Control on your instances
            Install McAfee Change Control
        Remediate firewall rules
            Edit the security group rules
            Detach the security group from an instance

    6 Queries and reports
        Predefined queries
            View default queries
        Create custom queries
        Dashboards and monitors
            Data Center and Public Cloud dashboards

    7 Frequently asked questions

    Index


  • Preface

    This guide provides the information you need to work with your McAfee product.

    Contents
        About this guide
        Find product documentation

    About this guide

    This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

    Audience

    McAfee documentation is carefully researched and written for the target audience.

    The information in this guide is intended primarily for:

    Administrators: People who implement and enforce the company's security program.

    Conventions

    This guide uses these typographical conventions and icons.

    Italic: Title of a book, chapter, or topic; a new term; emphasis

    Bold: Text that is emphasized

    Monospace: Commands and other text that the user types; a code sample; a displayed message

    Narrow Bold: Words from the product interface like options, menus, buttons, and dialog boxes

    Hypertext blue: A link to a topic or to an external website

    Note: Extra information to emphasize a point, remind the reader of something, or provide an alternative method

    Tip: Best practice information

    Caution: Important advice to protect your computer system, software installation, network, business, or data

    Warning: Critical advice to prevent bodily harm when using a hardware product


  • Find product documentation

    On the ServicePortal, you can find information about a released product, including product documentation, technical articles, and more.

    Task

    1 Go to the ServicePortal at https://support.mcafee.com and click the Knowledge Center tab.

    2 In the Knowledge Base pane under Content Source, click Product Documentation.

    3 Select a product and version, then click Search to display a list of documents.


  • 1 Product overview

    Cloud Workload Discovery enables you to discover, import, manage, and secure your Amazon Web Services, Microsoft Azure, and VMware vCenter virtual infrastructure using McAfee ePolicy Orchestrator (McAfee ePO).

    Contents
        Security management of your cloud assets made easy
        Key features
        Components and what they do
        Cloud Wor