Inventory and Discovery Features
When you enable the Inventory and Discovery features (Valtix recommends enabling them), you get visibility into your cloud resources (Security Groups, route tables, applications, and so on) and can set up rules that alert you when a resource violates them. For example, you can set up a rule (Valtix provides a set of predefined rules) that alerts you when a security group has an inbound rule allowing SSH (port 22) from 0.0.0.0/0, that is, from anywhere on the public Internet.
The dynamic discovery features also help you discover new resources as they are created and use them in security policies. For example, you can set up a firewall security policy that drops all egress traffic from EC2 instances tagged "Name = prod". When a new instance is created with that tag, the Valtix Gateway instances detect it automatically and add it to the security policy rule that drops the egress traffic.
DNS Query Logging gives you insight into the traffic egressing your VPCs. The Valtix Controller categorizes the HTTP traffic using the Brightcloud URL category database.
Finally, VPC Flow Logs give you a report of all the traffic entering and exiting your VPCs.
The CloudFormation template enables all of the above features once you provide an S3 bucket during creation of the stack. The stack performs the following steps:
- Create an S3 bucket.
- Enable Route 53 query logging with the S3 bucket created above as the target, and select all the VPCs for which you want traffic insights.
- Create a CloudTrail that captures all management events.
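The following CloudFormation template is an added example that carries out the three steps above in one stack; it is not Valtix's own template. It also creates the VPC Flow Log mentioned earlier, so that all four log sources land in the same bucket. The parameter names, resource names and the choice of one VPC per stack are assumptions: to cover several VPCs, duplicate the `DnsQueryLogAssociation` and `VpcFlowLog` resources (or create one stack per VPC). The bucket policy is the part that is easy to get wrong: both CloudTrail and the log-delivery service behind Route 53 Resolver query logs and VPC Flow Logs must be allowed to check the bucket ACL and to write objects with `bucket-owner-full-control`, and the bucket should block all public access since it will hold every DNS query and API call in the account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example (not Valtix's template): log bucket, Route 53 Resolver query
  logging, CloudTrail management events and VPC Flow Logs for one VPC.

Parameters:
  LogBucketName:
    Type: String
    Description: Globally unique name for the new log bucket (assumed parameter)
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC to enable DNS query logging and flow logs for (assumed parameter)

Resources:
  # Step 1: the S3 bucket. Logs are sensitive, so block public access and
  # encrypt at rest by default.
  LogBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref LogBucketName
      PublicAccessBlockConfiguration:
        BlockPublicAcls: true
        BlockPublicPolicy: true
        IgnorePublicAcls: true
        RestrictPublicBuckets: true
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: AES256

  # CloudTrail and the log-delivery service (used by Resolver query logs and
  # VPC Flow Logs) need GetBucketAcl on the bucket and PutObject under
  # AWSLogs/<account>/, with the object ACL forced to bucket-owner-full-control.
  LogBucketPolicy:
    Type: AWS::S3::BucketPolicy
    Properties:
      Bucket: !Ref LogBucket
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: LogServicesAclCheck
            Effect: Allow
            Principal:
              Service:
                - cloudtrail.amazonaws.com
                - delivery.logs.amazonaws.com
            Action: s3:GetBucketAcl
            Resource: !GetAtt LogBucket.Arn
          - Sid: LogServicesWrite
            Effect: Allow
            Principal:
              Service:
                - cloudtrail.amazonaws.com
                - delivery.logs.amazonaws.com
            Action: s3:PutObject
            Resource: !Sub "${LogBucket.Arn}/AWSLogs/${AWS::AccountId}/*"
            Condition:
              StringEquals:
                s3:x-amz-acl: bucket-owner-full-control

  # Step 2: Route 53 Resolver query logging, delivered to the bucket and
  # associated with the selected VPC.
  DnsQueryLogConfig:
    Type: AWS::Route53Resolver::ResolverQueryLoggingConfig
    DependsOn: LogBucketPolicy
    Properties:
      Name: vpc-dns-query-logs   # assumed name
      DestinationArn: !GetAtt LogBucket.Arn

  DnsQueryLogAssociation:
    Type: AWS::Route53Resolver::ResolverQueryLoggingConfigAssociation
    Properties:
      ResolverQueryLogConfigId: !GetAtt DnsQueryLogConfig.Id
      ResourceId: !Ref VpcId

  # Step 3: a multi-region trail that records all management events (read and
  # write) and validates its log files.
  ManagementTrail:
    Type: AWS::CloudTrail::Trail
    DependsOn: LogBucketPolicy
    Properties:
      TrailName: management-events   # assumed name
      S3BucketName: !Ref LogBucket
      IsLogging: true
      IsMultiRegionTrail: true
      IncludeGlobalServiceEvents: true
      EnableLogFileValidation: true
      EventSelectors:
        - ReadWriteType: All
          IncludeManagementEvents: true

  # VPC Flow Logs for the same VPC, written to the same bucket.
  VpcFlowLog:
    Type: AWS::EC2::FlowLog
    DependsOn: LogBucketPolicy
    Properties:
      ResourceType: VPC
      ResourceId: !Ref VpcId
      TrafficType: ALL
      LogDestinationType: s3
      LogDestination: !GetAtt LogBucket.Arn

Outputs:
  LogBucketArn:
    Value: !GetAtt LogBucket.Arn
```

After the stack is created, confirm that objects appear under `AWSLogs/<account-id>/CloudTrail/`, `AWSLogs/<account-id>/vpcdnsquerylogs/` and `AWSLogs/<account-id>/vpcflowlogs/`; if one of the three prefixes stays empty, the bucket policy is the first thing to check, since a missing `s3:GetBucketAcl` or a wrong `Resource` path silently stops delivery for that service.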