From dbe895b0bff4ce8dfc6a00de7421256e53cbf9f5 Mon Sep 17 00:00:00 2001 From: cbehera-newrelic Date: Mon, 7 Apr 2025 09:42:06 +0530 Subject: [PATCH 1/4] wip --- .../cloud-workflow-misconfig.mdx | 63 ++++++++++++++++ .../vulnerability-management/overview.mdx | 2 +- .../security-workflow-cloud-misconfig.mdx | 71 +++++++++++++++++++ src/nav/vuln-management.yml | 4 ++ 4 files changed, 139 insertions(+), 1 deletion(-) create mode 100644 src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx create mode 100644 src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx diff --git a/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx b/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx new file mode 100644 index 00000000000..0ec1a49209d --- /dev/null +++ b/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx 
@@ -0,0 +1,63 @@ +--- +title: Manage misconfigurations in your cloud environment +metaDescription: Use Security RX to fix misconfiguration in your cloud environment. +freshnessValidatedDate: never +--- + +This document covers how to: + +* Improve your cloud security posture in real-time +* Reduce context switching with automatic synchronization of AWS Security Hub findings (and other cloud vendors) +* Automate prioritization of security findings across all services, infrastructure, and cloud resources using threat intelligence and observability data + +If this workflow doesn't sound like you, check out our document on [managing vulnerabilities as a security team](/docs/vulnerability-management/security-workflow-cloud-misconfig). + +## Manage misconfigurations in your cloud environment [#cloud-misconfig] +New Relic Security RX provides a comprehensive view of your cloud security posture, allowing you to identify and remediate misconfigurations in real-time. By integrating with AWS Security Hub and other cloud vendors, you can automatically synchronize findings and reduce context switching. +This integration allows you to view and manage security findings from multiple cloud services in one place, streamlining your security operations. +To get started, navigate to the Security RX capability in New Relic and select the **Cloud** tab. Here, you can view a summary of your cloud security posture, including misconfigurations, vulnerabilities, and other security findings. + +To monitor the health of specific applications or services, use our entity scoped view by navigating to **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > APM & services > (select an entity) > Security RX > Overview**. For a larger scope, refer to [managing vulnerabilities as a security team](/docs/vulnerability-management/security-workflow). + +Dashboard for the security entity overview page + +
+ + **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > APM & services > (select an entity) > Security > Overview** + +
+ +The **Cloud** tab provides a comprehensive view of your cloud security posture, including: +* New misconfigurations +* Top critical regions +* Top resource types +* Top risks +* Top risks by account +* Top critical virtual private cloud (VPC) + + +## Triage, prioritize, and remediate misconfigurations [#prioritize] + +To triage, prioritize, and remediate misconfigurations, navigate to the **Vulnerabilities** tab in the Security RX capability. Here, you can view all open vulnerabilities and filter them by attributes such as priority, severity, number of affected entities, impacted entity type, and source. Clicking on a specific vulnerability provides detailed information about its severity, sources, vulnerability status change logs, and much more. + +To view all vulnerabilities of your service or application, in the left navigation pane, under **Security RX** section, select **Security RX - cloud**. + +Dashboard for the entity specific vulnerability library + +
+ + **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > APM & services > (select an entity) > Vulnerabilities** + +
+ + + + diff --git a/src/content/docs/vulnerability-management/overview.mdx b/src/content/docs/vulnerability-management/overview.mdx index 10e49534370..f64f9cae501 100644 --- a/src/content/docs/vulnerability-management/overview.mdx +++ b/src/content/docs/vulnerability-management/overview.mdx @@ -24,7 +24,7 @@ With Security RX, you get: * A birds-eye view of all vulnerabilities, including the ones that are detected by the New Relic platform and our integration partners such as [FOSSA](docs/vulnerability-management/integrations/fossa/), [AWS Security Hub](docs/vulnerability-management/integrations/aws/), [Trivy](/docs/vulnerability-management/integrations/trivy), [Snyk](docs/vulnerability-management/integrations/snyk/), [Dependabot](install/vm/), and more. -* Continuous run-time visibility of vulnerabilities in your applications and infrastructure +* Continuous run-time visibility of vulnerabilities in your applications, infrastructure, and cloud environments * Near real-time deployment validation of security patches diff --git a/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx b/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx new file mode 100644 index 00000000000..f36ce5b5bf6 --- /dev/null +++ b/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx 
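Review bot: The "For a larger scope" sentence in the entity-scoped paragraph links to `/docs/vulnerability-management/security-workflow`, the application security-team page, while the intro of the same file sends the reader to `/docs/vulnerability-management/security-workflow-cloud-misconfig`; the cloud page is the consistent target, so the line should read `For a larger scope, refer to [managing misconfigurations as a security team](/docs/vulnerability-management/security-workflow-cloud-misconfig).` The two navigation breadcrumbs disagree as well: one ends in `Security RX > Overview`, the other in `Security > Overview`, and both should name the same capability. The closing paragraph of the triage section tells the reader to view vulnerabilities "of your service or application" but to select **Security RX - cloud**, which reads as left over from the application workflow and should say which scope it actually describes. The lines "Dashboard for the security entity overview page" and "Dashboard for the entity specific vulnerability library" appear to be image alt text whose component markup is not visible here; worth confirming the image tags survived.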
@@ -0,0 +1,71 @@ +--- +title: Manage misconfigurations in your cloud environment as a DevSecOps, Platform, or Security team +metaDescription: Use Security RX to overcome blindspots and assign remediation to developers as a security team. +freshnessValidatedDate: never +--- + +This document covers how to: + +* Improve your cloud security posture in real-time +* Reduce context switching with automatic synchronization of AWS Security Hub findings (and other cloud vendors) +* Automate prioritization of security findings across all services, infrastructure, and cloud resources using threat intelligence and observability data +* Assign remediation to security engineers and track progress + +If this workflow doesn't sound like you, check out our document on [managing vulnerabilities as a developer](/docs/vulnerability-management/dev-workflow). + + +## View the misconfiguration status of your cloud environment [#cloud-misconfig] +New Relic Security RX provides a comprehensive view of your cloud security posture, allowing you to identify and remediate misconfigurations in real-time. By integrating with AWS Security Hub and other cloud vendors, you can automatically synchronize findings and reduce context switching. This integration allows you to view and manage security findings from multiple cloud services in one place, streamlining your security operations. + +An image showing the summary Security RX overview page. + +
+ + **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Security RX** + +
+ +Once vulnerability data starts flowing into New Relic, you can access your data through various scoped views. To view a summary of your entire system, navigate to the [Security RX capability > Security RX - Applications > Overview](https://one.newrelic.com/vulnerability-management/apm-summary). This page provides curated dashboards representing the vulnerability of your system and baseline security hygiene. + +Dig deeper into the security of your system by auditing the vulnerability of all your entities, libraries, and active vulnerabilities: + + + + From the Security RX - Applications summary page, select **Entities** to review the vulnerability status of all your applications. This view shows all your applications and code repositories, and allows you to prioritize vulnerability remediation based on weighted vulnerabilities scores and severity profiles. + + Clicking into an entity opens up a scoped entity view of Security RX. Learn more about our scoped entity view in our document on [managing vulnerabilities as a developer](/docs/vulnerability-management/dev-workflow). + + + + + From the Security RX - Applications summary page, select **Libraries** to review the security impact of all libraries in your system. This view shows all the libraries used by your services and their security impact through vulnerability counts and severity. + + Upon clicking a library, it provides you with a list of all library versions currently in use as well as a tab which displays all the vulnerabilities detected due to the library. + + Upon clicking a library version, it provides you with a list of affected entities and vulnerabilities detected due to this library version. + + + + From the **Security RX - Applications overview** page, select **Vulnerabilities** to review all the vulnerabilities in your software system. This view shows every vulnerability, priority rank, reason for prioritizing it, number of entities affected, detected by and much more. 
+ + This view is especially useful when responding to a specific vulnerability. Instead of reviewing each service to see if it's impacted, this view condenses info based on vulnerability instead of entity or library. + + Find the vulnerability you need to remediate, click it, review its direct impact of services, and take the recommended remediation steps. + + diff --git a/src/nav/vuln-management.yml b/src/nav/vuln-management.yml index d7a0a945784..6b02f5c5f3c 100644 --- a/src/nav/vuln-management.yml +++ b/src/nav/vuln-management.yml @@ -33,12 +33,16 @@ pages: path: /docs/vulnerability-management/dev-workflow - title: Manage vulnerabilities in your infrastructure path: /docs/vulnerability-management/infra-workflow + - title: Manage misconfigurations in your cloud environment + path: /docs/vulnerability-management/cloud-workflow-misconfig - title: Manage vulnerabilities as a security team pages: - title: Manage vulnerabilities in your application path: /docs/vulnerability-management/security-workflow - title: Manage vulnerabilities in your your infrastructure path: /docs/vulnerability-management/security-workflow-infra + - title: Manage misconfigurations in your cloud environment + path: /docs/vulnerability-management/security-workflow-cloud-misconfig - title: Change vulnerability status path: /docs/vulnerability-management/change-vulnerability-status - title: Set up vulnerability alerts From 033236c17478d8c070e598acd4db82a35c82f21c Mon Sep 17 00:00:00 2001 From: cbehera-newrelic Date: Tue, 8 Apr 2025 17:57:39 +0530 Subject: [PATCH 2/4] wip --- .../integrations/aws-securityhub-polling.mdx | 8 ++++++++ .../docs/vulnerability-management/integrations/aws.mdx | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx 
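Review bot: The body of this page does not match its title: from the "Once vulnerability data starts flowing" paragraph onward it walks through **Security RX - Applications**, its Entities and Libraries views and the `apm-summary` URL, which is the application security-team workflow, and nothing after the overview paragraph mentions cloud resources, accounts, regions or misconfigurations. Either rewrite the scoped-view section around the **Cloud** tab (the sibling cloud-workflow-misconfig page already lists its contents: new misconfigurations, top critical regions, top resource types, top risks by account, top critical VPC) or cut it until that content exists. The intro also promises "Assign remediation to security engineers and track progress", but no section of the page covers assignment or tracking, so that bullet should be dropped or backed by a section. The "summary of your entire system" sentence points at `https://one.newrelic.com/vulnerability-management/apm-summary`, an APM path, which is unlikely to be the right landing page for cloud findings.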
diff --git a/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx b/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx new file mode 100644 index 00000000000..b9b0d4bc43c --- /dev/null +++ b/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx @@ -0,0 +1,8 @@ +--- +title: AWS security hub integration (polling method) +metaDescription: 'Send your security data from AWS Security Hub, GuardDuty, and inspector directly to New Relic.' +freshnessValidatedDate: never +--- + +You can import AWS Security Hub findings into New Relic to achieve a single, unified view of vulnerabilities. The process uses the AWS API to poll for findings from AWS Security reporting services. +After completing these steps, you will see new vulnerabilities detected by AWS Security tools in your New Relic account in real time, and you'll be able to build out analytics dashboards and enable on newly detected issues. \ No newline at end of file diff --git a/src/content/docs/vulnerability-management/integrations/aws.mdx b/src/content/docs/vulnerability-management/integrations/aws.mdx index acd97bda7c8..7814d2611bb 100644 --- a/src/content/docs/vulnerability-management/integrations/aws.mdx +++ b/src/content/docs/vulnerability-management/integrations/aws.mdx @@ -1,5 +1,5 @@ --- -title: AWS security integration +title: AWS security integration (EventBridge method) metaDescription: 'Send your security data from AWS Security Hub, GuardDuty, and inspector directly to New Relic.' freshnessValidatedDate: never --- From f0e7e047cbba039c46e24551c3996fc27cef2b28 Mon Sep 17 00:00:00 2001 From: cbehera-newrelic Date: Tue, 8 Apr 2025 19:58:28 +0530 Subject: [PATCH 3/4] wip --- .../integrations/aws-securityhub-polling.mdx | 65 ++++++++++++++++++- .../security-workflow-cloud-misconfig.mdx | 3 +- 2 files changed, 64 insertions(+), 4 deletions(-) 
diff --git a/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx b/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx index b9b0d4bc43c..8f9f37f5eae 100644 --- a/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx +++ b/src/content/docs/vulnerability-management/integrations/aws-securityhub-polling.mdx 
@@ -1,8 +1,69 @@ --- -title: AWS security hub integration (polling method) +title: AWS security hub integration (Polling method) metaDescription: 'Send your security data from AWS Security Hub, GuardDuty, and inspector directly to New Relic.' freshnessValidatedDate: never --- You can import AWS Security Hub findings into New Relic to achieve a single, unified view of vulnerabilities. The process uses the AWS API to poll for findings from AWS Security reporting services. -After completing these steps, you will see new vulnerabilities detected by AWS Security tools in your New Relic account in real time, and you'll be able to build out analytics dashboards and enable on newly detected issues. \ No newline at end of file +After completing these steps, you will see new vulnerabilities detected by AWS Security tools in your New Relic account in real time, and you'll be able to build out analytics dashboards and enable on newly detected issues. + +## Set up API polling [#set-up-api] + +Follow these procedures to set up API polling. Both procedures require you to move between the New Relic UI and your AWS account. + + + + +To connect additional **API Polling** integrations to New Relic: + +1. Go to **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Infrastructure > AWS**. Click on one of the available service tiles. From the [IAM console](https://console.aws.amazon.com/iam/home?#/roles), click **Roles** > **Create role** > **AWS account** > **Another AWS account**. Input the following: + + * For `Account ID`, use `754728514883` + * Check the `Require external ID` box + * For `External ID`, enter your New Relic account ID + * Don't enable the setting to `Require MFA` (multi-factor authentication) +1. Attach the **Policy**: Search for `ReadOnlyAccess` in the **Permissions policies** text box, select the checkbox for the policy named `ReadOnlyAccess`, then click **Next**. 
Alternatively, you can [create your own managed policy](/docs/integrations/amazon-integrations/getting-started/integrations-managed-policies) and limit the permissions you grant New Relic according to the AWS services you want to monitor. +1. Enter `NewRelicInfrastructure-Integrations` for the **Role name**, then click **Create role** to select the newly created role from the list. On the **Role summary** page, select and copy the entire **Role ARN** (required later in this procedure). +1. Configure a **Budgets** policy by viewing the **Role summary** for your new role. Open the **Add permissions** drop-down and click on **Create inline policy**. Open the **JSON** tab and add the following permission statement: + + ```json + { + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "budgets:ViewBudget" + ], + "Resource": "*" + } + ] + } + ``` +1. Click **Review policy** to enter a policy name (like `NewRelicBudget`), then select **Create policy**. +1. Return to the New Relic UI to enter your AWS account name and the ARN for the new role that you saved in step 2. +1. Select the AWS services you want to monitor with the infrastructure integrations, then **Save**. + +It may take few minutes until new resources are detected and synthesized as entities. See Cloud integrations [system limits](/docs/data-apis/manage-data/view-system-limits) for more information. + + + + +If you previously set up an ARN with a restrictive **AmazonEC2ReadOnlyAccess** policy, unlink your existing integration and create a new ARN with a broader policy. + +Follow the instructions to [connect your Amazon account to New Relic](/docs/infrastructure/new-relic-infrastructure/data-instrumentation/amazon-aws-ec2-integration-infrastructure#connect) . +Provide the ARN that contains the **ReadOnlyAccess** policy. 
+ +Once you complete your setup, you can see your integrations at **[one.newrelic.com > All capabilities](https://one.newrelic.com/all-capabilities) > Infrastructure > AWS**. + + + + + + diff --git a/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx b/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx index f36ce5b5bf6..d51081c7446 100644 --- a/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx +++ b/src/content/docs/vulnerability-management/security-workflow-cloud-misconfig.mdx @@ -6,9 +6,8 @@ freshnessValidatedDate: never This document covers how to: -* Improve your cloud security posture in real-time +* Improve your cloud security posture * Reduce context switching with automatic synchronization of AWS Security Hub findings (and other cloud vendors) -* Automate prioritization of security findings across all services, infrastructure, and cloud resources using threat intelligence and observability data * Assign remediation to security engineers and track progress If this workflow doesn't sound like you, check out our document on [managing vulnerabilities as a developer](/docs/vulnerability-management/dev-workflow). From 35f928ef8f18eeed4a0c44155faff8dee5e31a8b Mon Sep 17 00:00:00 2001 From: cbehera-newrelic Date: Tue, 15 Apr 2025 19:44:24 +0530 Subject: [PATCH 4/4] WIP --- .../cloud-workflow-misconfig.mdx | 6 ++-- .../vulnerability-management/overview.mdx | 31 +++++++++++++++++++ src/nav/vuln-management.yml | 4 ++- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx b/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx index 0ec1a49209d..1221ca27b56 100644 --- a/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx +++ b/src/content/docs/vulnerability-management/cloud-workflow-misconfig.mdx 
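Review bot: The inline policy this procedure has the reader create grants only `budgets:ViewBudget`, which has nothing to do with reading Security Hub findings; together with the `NewRelicInfrastructure-Integrations` role name and the "Budgets policy" wording this step reads as pasted from the infrastructure AWS integration setup and should be removed or replaced with the permissions the polling actually needs. Because the page never states which Security Hub read actions the poller calls, a reader who takes the "create your own managed policy" alternative has no way to scope it; I would add a sentence naming the required actions (presumably `securityhub:GetFindings` and related read calls, to be confirmed against the integration's implementation) so least privilege is actually achievable. `ReadOnlyAccess` is account-wide read access across every AWS service, so the page should say that explicitly and present the scoped policy as the recommended option rather than as an aside. The cross-account trust itself is sound: the external ID set to the New Relic account ID is the standard confused-deputy mitigation, and not requiring MFA is correct for a role assumed by a service, so no change there. Minor: "Return to the New Relic UI to enter ... the ARN ... that you saved in step 2" refers to what renders as step 3 once the repeated `1.` items are auto-numbered, and "It may take few minutes" is missing "a".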
@@ -8,7 +8,7 @@ This document covers how to: * Improve your cloud security posture in real-time * Reduce context switching with automatic synchronization of AWS Security Hub findings (and other cloud vendors) -* Automate prioritization of security findings across all services, infrastructure, and cloud resources using threat intelligence and observability data + If this workflow doesn't sound like you, check out our document on [managing vulnerabilities as a security team](/docs/vulnerability-management/security-workflow-cloud-misconfig). @@ -40,9 +40,9 @@ The **Cloud** tab provides a comprehensive view of your cloud security posture, * Top critical virtual private cloud (VPC) -## Triage, prioritize, and remediate misconfigurations [#prioritize] +## Triage, and remediate misconfigurations [#prioritize] -To triage, prioritize, and remediate misconfigurations, navigate to the **Vulnerabilities** tab in the Security RX capability. Here, you can view all open vulnerabilities and filter them by attributes such as priority, severity, number of affected entities, impacted entity type, and source. Clicking on a specific vulnerability provides detailed information about its severity, sources, vulnerability status change logs, and much more. +To triage, and remediate misconfigurations, navigate to the **Vulnerabilities** tab in the Security RX capability. Here, you can view all open vulnerabilities and filter them by attributes such as priority, severity, number of affected entities, impacted entity type, and source. Clicking on a specific vulnerability provides detailed information about its severity, sources, vulnerability status change logs, and much more. To view all vulnerabilities of your service or application, in the left navigation pane, under **Security RX** section, select **Security RX - cloud**. diff --git a/src/content/docs/vulnerability-management/overview.mdx b/src/content/docs/vulnerability-management/overview.mdx index f64f9cae501..a1258259572 100644 
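Review bot: The rewritten heading and sentence keep a comma that only made sense in the three-item list: `## Triage, and remediate misconfigurations [#prioritize]` and `To triage, and remediate misconfigurations, navigate to ...` should read `## Triage and remediate misconfigurations [#prioritize]` and `To triage and remediate misconfigurations, navigate to ...`. The first hunk replaces the removed bullet with an empty `+` line, leaving a stray blank line inside the list; deleting the line outright keeps the list contiguous. The same "Automate prioritization" bullet was removed from security-workflow-cloud-misconfig.mdx in patch 3 of this series, while cloud-workflow-misconfig.mdx keeps "Improve your cloud security posture in real-time" that the sibling page dropped "in real-time" from; the two intros should be brought in line.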
--- a/src/content/docs/vulnerability-management/overview.mdx +++ b/src/content/docs/vulnerability-management/overview.mdx @@ -65,4 +65,35 @@ To dive deeper into these use cases, see [Manage vulnerabilities as a security t +Certainly! Here's a more concise version of the pricing section for Security RX capability: + +--- + +## Security RX pricing + + +Security RX uses three meters for pricing based on monitored entities: + +* **APM services** +* **Infrastructure hosts** +* **Cloud resources** + +**Pricing and packaging** + +* **Advanced compute:** Billed via a CCU meter based on entity count. +* **Minimum commitment:** 1-month minimum for active monitoring. + + +New Relic Security RX provides automated, continuous vulnerability monitoring for APM and infrastructure instances, correlating security findings across third-party tools to cloud resources. Monthly costs depend on workloads monitored: + +* **Application Vulnerability Monitoring:** Evaluates APM Services for software vulnerabilities, correlating and enriching findings. Costs are based on the number of services assessed monthly, prorated for intermittent applications. + +* **Infrastructure Vulnerability Monitoring:** Evaluates infrastructure instances for vulnerabilities, correlating and enriching findings. Costs are based on the number of hosts assessed monthly, prorated for intermittent hosts. + +* **Cloud Security Assessments:** Correlates and enriches findings for cloud resources. Costs are based on the number of resources assessed monthly, prorated for intermittent resources. + +Security RX requires a minimum 30-day activation but can be disabled afterward. Monitoring is billed monthly based on hours monitored. + + + diff --git a/src/nav/vuln-management.yml b/src/nav/vuln-management.yml index 6b02f5c5f3c..1b7063777d2 100644 --- a/src/nav/vuln-management.yml +++ b/src/nav/vuln-management.yml 
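Review bot: The added pricing section opens with `Certainly! Here's a more concise version of the pricing section for Security RX capability:` followed by a bare `---`, which is an assistant-response preamble left in the published page; both lines should be deleted, and the `---` in particular renders as a horizontal rule in the middle of the document. The section then states the commitment two ways, `1-month minimum for active monitoring` under pricing and packaging and `a minimum 30-day activation` in the closing paragraph, which should be unified to one figure and phrasing. "Billed via a CCU meter based on entity count" and "billed monthly based on hours monitored" also describe the billing basis differently; if both are true, say that the meter counts entity-hours so the reader is not left to reconcile them.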
@@ -11,8 +11,10 @@ pages: pages: - title: Vulnerability integrations overview path: /docs/vulnerability-management/integrations/intro - - title: AWS Security + - title: AWS Security with EventBridge method path: /docs/vulnerability-management/integrations/aws + - title: AWS Security with Polling method + path: /docs/vulnerability-management/integrations/aws-securityhub-polling - title: Dependabot path: /install/vm - title: Snyk