Protected Assets


    In this section of the Dome9 console, you can see a summary of all the assets in your VPCs that are protected by Dome9. These assets can include, for example, instances (such as EC2s), RDSs, and load balancers. Dome9 fetches information about these assets from the cloud platforms (AWS, Azure, Google) and presents it in a console view. Further, Dome9 monitors the security posture of these assets in the Compliance Engine and, for those that are fully protected by Dome9, actively makes corrections (for example, by applying or changing a Security Group policy, if it was incorrectly configured).

    The console view shows you all your assets. You can filter or search the list by asset type, region, VPC, and other conditions to find specific assets of interest. You can select an asset in the list to show more detail. The detail depends on the type of asset, but is typically the security group or firewall policies that are active on the asset. For some assets, you can see flow logs. If your cloud account is managed by Dome9 in full-protection mode, you can also change the network security settings.

    You cannot set other details for your assets here; this is done in your cloud account with your cloud platform.

    Value to customers

    Dome9 presents a single console view of all your assets, on all platforms, from which you can search or filter for specific assets of interest, and see details about their security posture.

    For some asset types, you can apply Security Group or IAM policies directly from the Dome9 console.

    Use-cases

    Here are some typical use-cases for the Dome9 Protected Asset console view.

    • find assets matching specific criteria

    • quickly access flow logs for an asset

    • review attributes and status for an asset

    • review and change the security policies for an asset

     
     

    Actions

    View your assets

    The main page shows a list of your assets that are protected by Dome9, organized by region. Filter the list using the filters on the left, or search for assets by name in the search bar.

    The right pane of the screen shows a graphical view of your accounts, for each platform, and, for each account, the regions and VPCs associated with it. Click on a platform, a region, or a specific VPC to filter the assets shown in the list.

    For each asset in the list, its type and its external IP address (if it has one) are shown.

    Click on one of the assets in the list to see more details for it.

     

    Modify details (instances only)

    You can modify some details for assets that are instances (EC2s on AWS, or virtual machines on Azure or Google), if the asset is fully protected by Dome9.

    For AWS instances:

    You can add Security Group or NACL policies to AWS instances.

    1. Click on an instance-type asset in the list to show its details. You can modify network settings (in the Network Security Policies tab) or IAM Policies.

    2. Click to attach a security group or NACL to the instance (from those already defined; to define a new security group or NACL, go to Security Groups).

    3. Select the group or NACL, and then press ATTACH.

    For Azure:

    You can modify the rules of Security Groups that are applied to virtual machines. You cannot add or remove the Security Group itself.

    1. Click on the instance in the list.

    2. Click on the Subnet NSG Policy that you wish to modify, and then click on (the security group must be set to Manage, not Read Only, to do this)

    3. Click

      to change a firewall rule, or

      to delete it. See Azure Network Security Groups for details about modifying Network Security Groups (NSGs).

     

    View flow logs

    Some assets are configured to allow Dome9 access to flow logs. These are marked with . Click on this icon to show the flow logs. See VPC Flow Logs for details about controlling this view.