This capability provides cloud endpoint discovery and reporting, giving customers a more consolidated view of what they’re securing and quickly identifying endpoints that are missing security monitoring from Red Canary. As a result, customers can easily identify unmanaged, forgotten, or rogue endpoints and bring them up to the organization’s security standards and compliance requirements.
All identified cloud endpoints will have their Cloud metadata visible within the Portal, giving customers the needed context to understand what endpoints map to which Cloud account, region, and more.
Endpoint discovery happens as part of endpoint sync, which runs every 30 minutes.
An External Service is a platform that the Red Canary platform integrates with to retrieve Endpoint, Process, or Alert data.
Cloud Providers are vendors that provide cloud computing services to their customers, such as AWS, Microsoft Azure, and Google Cloud Platform.
Set up Cloud Endpoint Discovery for AWS
This setup is the only onboarding step required to enable Cloud Endpoint Discovery for AWS.
- Click your Profile icon in the top right and select Amazon Web Services.
Administration pages now list Amazon Web Services as a possible Integration. By default, no integrations will be configured.
- Click Configure a new service (Note: please contact Support if you do not see this button). Specify a description to identify the AWS account, and enter the AWS Account ID.
- Click Create External service.
You should now see setup guides available for the service you just created. Use the CloudFormation setup guide or the Terraform setup guide to create an IAM Role in your AWS account that grants the Red Canary platform the ability to list and describe your EC2 instances.
- When the role has been created, copy its ARN and click Configure.
- Enter the role’s ARN in AWS IAM Role ARN to be assumed for API calls and click Update External service.
The AWS external service is now configured. Endpoints will be discovered within 30 minutes and synchronized into your Red Canary platform.
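Before entering the role's ARN, it is worth confirming that the role grants no more than the list-and-describe access described above. The following check is an added example, not part of Red Canary's setup guides: the account ID is a placeholder, the sample policies are constructed, and treating `ec2:Describe*` as the full set of actions the integration needs is an assumption.

```python
ALLOWED_PREFIX = "ec2:describe"    # assumption: describe-only EC2 access is sufficient
EXPECTED_ACCOUNT = "111122223333"  # placeholder: use the account ID from your setup guide

def _as_list(value):
    """IAM allows a single value or a list for Statement, Action and Principal."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def audit_permissions(policy):
    """Return findings for Allow statements that grant more than ec2:Describe*."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:
            findings.append("NotAction in an Allow statement grants an open-ended set")
        for action in _as_list(stmt.get("Action")):
            # A literal prefix match also rejects wildcards such as ec2:* or ec2:D*.
            if not action.lower().startswith(ALLOWED_PREFIX):
                findings.append(f"action broader than describe-only: {action}")
    return findings

def audit_trust(policy, expected_account):
    """Return findings for trusted principals outside the expected account."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if not isinstance(principal, dict):
            findings.append(f"non-specific principal: {principal!r}")
            continue
        for arn in _as_list(principal.get("AWS")):
            # Principals are either a bare account ID or an ARN (account is field 5).
            account = arn.split(":")[4] if arn.startswith("arn:") else arn
            if account != expected_account:
                findings.append(f"unexpected trusted principal: {arn}")
    return findings

# Constructed sample policies, not taken from any real account.
TIGHT_PERMS = {"Statement": [{"Effect": "Allow", "Resource": "*",
               "Action": ["ec2:DescribeInstances", "ec2:DescribeRegions"]}]}
LOOSE_PERMS = {"Statement": {"Effect": "Allow", "Resource": "*",
               "Action": ["ec2:DescribeInstances", "ec2:*"]}}
SAMPLE_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
                "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}]}
```

An empty list from both functions means the role matches the describe-only assumption and trusts only the expected account.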
Identify Enrolled Endpoints Without Sensors Installed
Once endpoints are discovered, they can be viewed by querying the Endpoints page. The following state displays all discovered endpoints that don't have Linux EDR installed.