Cloud Endpoint Discovery and Reporting gives customers a more streamlined view of what they're securing and quickly detects endpoints that don't have Red Canary security monitoring. As a result, you can easily identify unmanaged, forgotten, or rogue endpoints and bring them up to the organization’s security standards and compliance requirements.
You will be able to see the Cloud metadata for every identified cloud endpoint in the portal, giving you the necessary context to understand which endpoints map to which Cloud account, region, and more.
Endpoint discovery happens as part of endpoint sync, which runs every 30 minutes.
This is a platform that Red Canary integrates with to retrieve Endpoint, Process, or Alert data.
These are vendors who provide cloud computing services to their customers, such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform, and so on.
Set up Cloud Endpoint Discovery for AWS
This set up is the only onboarding step required to enable Cloud Endpoint Discovery for AWS.
- Click your user icon at the top right in your Red Canary, and select Amazon Web Services.
- Click Configure a new service. (Note: please contact Support if you do not see this button).
- Specify a description to identify the AWS account, and enter the AWS Account ID.
Administration pages now list Amazon Web Services as a possible Integration. By default, no integrations will be configured.
- Click Create External service.
You should see setup guides available for the service you just created. Use the Cloudformation setup guide or Terraform setup guide and create an IAM Role in your AWS account that grants the Red Canary platform the ability to list and describe your EC2 instances.
- When the role has been created, copy its ARN and click Configure.
- Enter the role’s ARN in AWS IAM Role ARN to be assumed for API calls and click Update External service.
The AWS external service is now configured. Endpoints will be discovered within 30 minutes and synchronized into your Red Canary platform.
Identify Enrolled Endpoints Without Sensors Installed
Once endpoints are discovered, they can be viewed by querying the Endpoints page. The following state displays all discovered endpoints that don't have Linux EDR installed.
How often are scans conducted for new endpoints?
Hi Eric! Thanks for your question. I've updated the article with the info that you asked for.
Please sign in to leave a comment.