2. Query Builder
In this section, you are able to load existing queries and rules or create new ones from scratch.
On the panel to your left, you see all the supported resources from AWS and Azure. You can select any resource and drag it to the Canvas to start your query.
So let’s start with a basic example.
We are looking for a publicly open Instance.
Our proprietary algorithms can identify which ports are open between any two resources in your system and inform you if and how a resource can be accessed. This is not only a security group check but a complete scan of all the security layers that might affect its accessibility.
Now, let’s search for the “External IP” resource and add it to the canvas. As you can see, the right panel is now open. This panel opens every time you click on the Filter image.
Now, let’s check to see if our instance is connected to the open internet:
- Click on the ‘+’ sign to add a new filter
- Click on “IP Address” from the menu
- Select the “IP Address” condition from the filter you just added (toggle on)
- Enter the Netmask you wish to monitor; in our example, that would be 0.0.0.0
Now, all we have left is to add the relationship between the “External IP” and our EC2 Instance.
- Click on the round icon on the right border of the External IP Node.
- From the opened menu, select the “Network Access” -> “EC2 Instance #0”
Then run the query by clicking the icon on the header.
Here we can see the results of our query:
To ensure continuous monitoring, click on the toggle button “run Continuously”:
You can add a description of the rule in the description tab on the right panel, and later put the rule name on the left side, for example:
- EC2 Instance is exposed to the internet
If our rule is triggered, you will receive a notification on your Insights Screen, alerting you with the description of the event and the actionable impact on your architecture.
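The walkthrough notes that exposure depends on more than the security group. The following Python sketch is an added example (not the product's own code or algorithm) that shows why, using constructed sample data. All resource names and the `exposure` helper are assumptions; it models four AWS layers and checks inbound rules only.

```python
import ipaddress

# Constructed sample data, loosely shaped like EC2 describe-* output (not real resources).
INSTANCES = {
    "i-web": {"PublicIp": "198.51.100.7", "Subnet": "subnet-a", "Groups": ["sg-open"]},
    "i-db": {"PublicIp": None, "Subnet": "subnet-b", "Groups": ["sg-open"]},
    "i-ssh": {"PublicIp": "198.51.100.8", "Subnet": "subnet-c", "Groups": ["sg-open"]},
}
ROUTES = {  # subnet -> (destination CIDR, target)
    "subnet-a": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-1")],
    "subnet-b": [("10.0.0.0/16", "local")],
    "subnet-c": [("10.0.0.0/16", "local"), ("0.0.0.0/0", "igw-1")],
}
NACLS = {  # subnet -> inbound entries: (rule number, CIDR, from port, to port, action)
    "subnet-a": [(100, "0.0.0.0/0", 0, 65535, "allow")],
    "subnet-b": [(100, "0.0.0.0/0", 0, 65535, "allow")],
    "subnet-c": [(90, "0.0.0.0/0", 22, 22, "deny"), (100, "0.0.0.0/0", 0, 65535, "allow")],
}
SEC_GROUPS = {"sg-open": [("0.0.0.0/0", 22, 22)]}  # group -> (CIDR, from port, to port)

def _in(cidr, addr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def nacl_allows(subnet, src, port):
    # NACL entries are evaluated in ascending rule number; the first match decides.
    for _, cidr, lo, hi, action in sorted(NACLS[subnet]):
        if _in(cidr, src) and lo <= port <= hi:
            return action == "allow"
    return False  # implicit deny when nothing matches

def exposure(instance_id, port, src="203.0.113.10"):
    """Return (reachable, blocking_layer) for traffic from internet address src."""
    inst = INSTANCES[instance_id]
    if not inst["PublicIp"]:
        return False, "no external IP"
    routes = ROUTES[inst["Subnet"]]
    if not any(dst == "0.0.0.0/0" and tgt.startswith("igw-") for dst, tgt in routes):
        return False, "no internet gateway route"
    if not nacl_allows(inst["Subnet"], src, port):
        return False, "network ACL"
    rules = [r for g in inst["Groups"] for r in SEC_GROUPS[g]]
    if not any(_in(c, src) and lo <= port <= hi for c, lo, hi in rules):
        return False, "security group"
    return True, None

if __name__ == "__main__":
    for iid in INSTANCES:
        print(iid, exposure(iid, 22))
```

All three sample instances share the same security group that allows port 22 from 0.0.0.0/0, yet only `i-web` is reachable once the other layers are taken into account.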