The next step in securing your cloud environment is configuring SecureCloudDB to begin discovering your cloud assets.
To get started with asset discovery, select
Asset Discoveryfrom the left nav under
Setup. Once there, select the blue circle with a plus sign to begin:
Decide a name for your asset discovery configuration, or accept the randomly generated one:
Select your scan type. If you are setting up an AWS specific database service, select
AWS Configuration. Otherwise, select
Non-AWS. For this guide, we will be doing an AWS configuration.
Next, decide if you are setting up one account or many (this can be changed later). For now, let's do one account at a time.
Account ID, pick your
Regions to Scan, and select the
Servicesyou would like to detect. Afterwards, pick your authentication method or create a new one. If you need help creating a new method or have any questions, please visit the AWS Authentication section for more information. We recommend you either assume a role or host an agent and use an Instance Profile.
On the next step, you can choose whether you would like to audit self-managed databases on EC2. If this applies to you, check the box. Otherwise, you can leave it blank.
Select a schedule to run scans and if you are using a self-hosted agent check the box. We recommend not setting the schedule to higher than the default (6 hours). Note that this is the periodic schedule on which your scan will run. You can start a scan at any time manually after creating an asset discovery.
The final step provides a summary of your configurations throughout the creation wizard. Take a second to double check that the inputs show your correct information and when you are ready select
Createto finish this asset discovery configuration.
Should everything be configured correctly, your first scan will begin within a matter of minutes!
Once data begins to show on the platform, we recommend setting up the Database Activity Monitoring functionality to identify any potential suspicious behavior.