Categories

Findings

Findings are the results of the Plerion Detection Engine (PDE) Detection reporting a finding and rating the severity of the finding as it relates to best practices or a relevant compliance standard. Plerion Findings enable customers to reduce the risk to their environments by continuously highlighting areas for improvement. Explore findings APIs

Assets

Plerion Assets form the basis upon which all Plerion contextual security is reported. Every unique cloud resource on which Plerion collects information is classified as a single asset on the Plerion platform. A detailed asset view combines various sources of security, compliance, and risk-related metrics to empower customers to make high-impact decisions when evaluating a single asset in relation to their overall cloud environments. Explore assets APIs

Asset groups

Asset Group is classifying assets into specific group based on the different criteria such as integration, asset tag, resource type and resource name. This helps users to manage, organize, and analyze their assets more efficiently. User can group assets based on the teams, projects, business units, environments, tech stack etc. Explore asset groups APIs

Alerts

The Plerion Risk Score (PRS) Engine has calculated Alerts that are the highest priority items based on the available information across Identity, Configuration, and Vulnerability Management. Alerts offer the highest value CONTEXT from across the Plerion Platform. Alerts are accompanied by a narrative to guide customers on the overall risk and the recommended remediation steps to take to improve, reduce, or eradicate the identified risk. Explore alerts APIs

Integrations

Integrations enable customers to connect their own cloud environments to the Plerion platform. Integrations allow for the collection of data from the integrated environment, e.g. Connecting Plerion to your cloud service provider will facilitate Plerion to collect, analyze, and prioritize the most significant risks across your cloud operating environments. Explore integrations APIs

Tenant

The Plerion platform caters for multi-tenancy. Multi-tenancy within the Plerion platform delivers isolation for the integrations supported by Plerion. Each Tenancy (Tenant) allows for multiple inbound or outbound integrations, like integrating with Cloud Service Providers (AWS, Azure, GCP), and their corresponding Audit log service (AWS: CloudTrail, Azure: AuditLog, GCP: Cloud Audit Log). Explore tenant APIs

Risks

In a cloud environment there are usually many hundreds or thousands of misconfigurations, but which of those pose a clear and present danger of a breach? That’s what the Plerion risk is about. Explore risks APIs

AWS integration

In order to connect your AWS account to Plerion or update existing account, you will need,
  1. CloudFormation Template URL. Retrieve the template from Get CloudFormation template
  2. External Id of the tenant. Retrieve the External Id from Get the external id of the tenant
  3. Plerion AWS Account Id. The value will always be 588158338731
  4. Temporary Auth Token. Token to be passed to CloudFormation template that auto registers the AWS integration. Retrieve the temporary auth token from Generate temporary token for creating AWS integration
  5. Plerion API URL. The value will always be au.api.plerion.com
  6. Select Capabilities. Select CSPM for CSPM only capability or ALL for both CSPM and CWPP capability.
  7. Select KMSKeyAccessMode. When CWPP is enabled, you can choose the KMS Key access mode to facilitate Plerion’s access to keys for decrypting volumes, images, and lambda code. In the ALL_KEYS mode, Plerion is granted access to all KMS keys in the account. However, you have the option to restrict access to certain keys by applying the “PlerionAccess: Denied” tag. Alternatively, the SELECTED_KEYS mode allows Plerion access solely to the KMS keys that have been tagged with “PlerionAccess: Granted”.
Passing the parameters to the CloudFormation template will create a new AWS integration or update existing integration.

Quick start

Follow the guide to create a new AWS integration or update existing integration using curl command. Note: Replace {$PLERION_API_KEY} with your API key.
Create a new AWS integration
  export PLERION_API_URL=au.api.plerion.com
  export PLERION_API_KEY={$PLERION_API_KEY}
  export PLERION_AWS_ACCOUNT_ID=588158338731
  # Fetch the template URL
  export TEMPLATE_URL=$(curl -s GET  "https://$PLERION_API_URL/v1/tenant/cloudformation-templates?type=AWSAccount" -H "Authorization: Bearer $PLERION_API_KEY" | jq -r '.data.templateURL')
  # Generate the temporary auth token
  export TEMP_AUTH_TOKEN=$(curl -s -X POST  "https://$PLERION_API_URL/v1/tenant/integrations/token" -H "Authorization: Bearer $PLERION_API_KEY" | jq -r '.data.token')
  # Fetch the external ID
  export EXTERNAL_ID=$(curl -s -X GET  "https://$PLERION_API_URL/v1/tenant/external-id" -H "Authorization: Bearer $PLERION_API_KEY" | jq -r '.data.externalId')
  # Create the stack
  export PLERION_STACK_NAME=plerion-aws-integration
  aws cloudformation create-stack --stack-name $PLERION_STACK_NAME --template-url $TEMPLATE_URL --capabilities CAPABILITY_NAMED_IAM \
    --parameters ParameterKey=ExternalId,ParameterValue=$EXTERNAL_ID \
      ParameterKey=PlerionAccountId,ParameterValue=$PLERION_AWS_ACCOUNT_ID  \
      ParameterKey=AuthToken,ParameterValue=$TEMP_AUTH_TOKEN \
      ParameterKey=Capabilities,ParameterValue=ALL \
      ParameterKey=KMSKeyAccessMode,ParameterValue="ALL_KEYS" \
      ParameterKey=PlerionURL,ParameterValue=$PLERION_API_URL
  # Wait for the stack to complete
  aws cloudformation wait stack-create-complete --stack-name $PLERION_STACK_NAME
Update an existing AWS integration
  export PLERION_API_URL=au.api.plerion.com
  export PLERION_API_KEY={$PLERION_API_KEY}
  export PLERION_AWS_ACCOUNT_ID=588158338731
  # Fetch the template URL
  export TEMPLATE_URL=$(curl -s GET  "https://$PLERION_API_URL/v1/tenant/cloudformation-templates?type=AWSAccount" -H "Authorization: Bearer $PLERION_API_KEY" | jq -r '.data.templateURL')
  # Generate the temporary auth token
  export TEMP_AUTH_TOKEN=$(curl -s -X POST  "https://$PLERION_API_URL/v1/tenant/integrations/token" -H "Authorization: Bearer $PLERION_API_KEY" | jq -r '.data.token')
  # Fetch the external ID
  export EXTERNAL_ID=$(curl -s -X GET  "https://$PLERION_API_URL/v1/tenant/external-id" -H "Authorization: Bearer $PLERION_API_KEY" | jq -r '.data.externalId')
  # Update an existing stack
  export PLERION_STACK_NAME=plerion-aws-integration
  aws cloudformation update-stack --stack-name $PLERION_STACK_NAME --template-url $TEMPLATE_URL --capabilities CAPABILITY_NAMED_IAM \
    --parameters ParameterKey=ExternalId,ParameterValue=$EXTERNAL_ID \
      ParameterKey=PlerionAccountId,ParameterValue=$PLERION_AWS_ACCOUNT_ID  \
      ParameterKey=AuthToken,ParameterValue=$TEMP_AUTH_TOKEN \
      ParameterKey=Capabilities,ParameterValue=ALL \
      ParameterKey=KMSKeyAccessMode,ParameterValue="ALL_KEYS" \
      ParameterKey=PlerionURL,ParameterValue=$PLERION_API_URL
  # Wait for the stack to complete
  aws cloudformation wait stack-update-complete --stack-name $PLERION_STACK_NAME
Explore AWS integration APIs

Compliance frameworks

Compliance Frameworks help our customers meet their regulatory and compliance obligations, and reduce compliance risk, enabling them to achieve their strategic objectives. Plerion offers customers hundreds of prebuilt detections delivering continuous assurance against industry standards and best practices. Explore compliance frameworks APIs

Well-Architected frameworks

The AWS Well-Architected Framework helps customers design secure, high-performing, resilient, and efficient cloud infrastructure. Plerion continuously assesses your environment against the AWS Well-Architected pillars, aligning your architecture with AWS best practices and accelerating improvement. Explore Well-Architected frameworks APIs

Tenant usage

Plerion Usage information for the Tenant Explore tenant usage APIs

Audit logs

Audit logs provide a comprehensive trail of user activities and system operations within a tenant. These logs capture important events such as user logins, API calls, configuration changes, and other security-relevant activities. Audit logs help with compliance, security monitoring, and troubleshooting. Explore audit logs APIs