DevSecOps - SAST - DAST - Cloud Vulnerabilities
Prisma Cloud - Key features:
- Cloud Security Posture Management (CSPM)
- Cloud Workload Protection
- Cloud IAM Security
- Cloud Code Security
- Compliance & Governance
- Web Application & API Security
Prisma Cloud secures the following cloud-native infrastructure:
- Amazon Web Services (AWS)
- Google Cloud Platform (GCP)
- Microsoft Azure
- IBM Cloud
- Alibaba Cloud
- Docker EE
- Kubernetes
- Rancher
- Red Hat OpenShift
- VMware Tanzu
The following cloud service provider (CSP) services are used to investigate configuration issues and cloud-vulnerability issues:
1. Microsoft Azure (Microsoft Defender for Cloud)
Cloud Vulnerabilities:
- Log in to https://portal.azure.com with your cloud ID; the home dashboard page opens.
- In the security platform, check the CVE details and copy the Subscription name.
- In the Azure portal, click the gear icon ("Settings") in the top-right corner. In the default subscription filter, uncheck all the selected subscriptions and paste the copied subscription name.
- In the top search bar, search for Microsoft Defender for Cloud and open it. Select Recommendations from the left-hand menu; the grid shows the recommendations for the selected subscription.
- Copy the Resource Group name from the security platform. Back in the Azure grid, click Add Filter, choose Resource group and paste the name; the grid now shows only that resource group.
- Under Image Link you will see a link to ACR (Azure Container Registry); check that its title matches the Azure container registry name.
- In the Azure portal, click the Azure container registry title hyperlink. The page shows tabs such as Take Action, Findings, Graphs and Repositories.
- Open the Findings tab and search for the Vuln ID from the security portal; the CVE number should match the one in the security portal. Clicking the CVE ID shows additional information such as the Fixed Version.
- Go back to the security platform, enter the same additional information and attach a screenshot if required.
- Alternatively, click the Image Links hyperlink to open the Azure container registry, where you can see the Tag Count and Manifest Count. These are usually the same, but there is a chance the two numbers differ and are not identical.
- Attach this screenshot and mention that the counts are the same. This may vary from use case to use case.
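The cross-check in the steps above (scope to the subscription and resource group, match the Vuln ID against the Defender finding, read off the Fixed Version, and compare the ACR Tag Count with the Manifest Count) is shown below as an added example script. It is not Prisma Cloud or Microsoft code; the record shapes and all values (subscription names, registry names, placeholder CVE ids) are constructed assumptions, not the real export schema of either product.

```python
"""Added example: cross-check a security-platform CVE finding against
Defender for Cloud container-registry findings and sanity-check ACR counts.
All data below is constructed and the record shapes are simplified
assumptions, not the real Prisma Cloud or Defender export schema."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class PlatformFinding:
    """What is copied out of the security platform for one vulnerability."""
    subscription: str      # the Subscription name attribute
    resource_group: str    # the Resource Group attribute
    registry: str          # ACR name taken from the Image Link
    cve_id: str            # the Vuln ID


# Constructed Defender for Cloud findings (placeholder CVE ids, not real ones).
DEFENDER_FINDINGS = [
    {"subscription": "Prod-Sub-01", "resourceGroup": "rg-payments",
     "registry": "acrpayments", "repository": "api",
     "cve": "CVE-EXAMPLE-0001", "severity": "High", "fixedVersion": "1.1.1t-r1"},
    {"subscription": "Prod-Sub-01", "resourceGroup": "rg-payments",
     "registry": "acrpayments", "repository": "api",
     "cve": "CVE-EXAMPLE-0002", "severity": "Medium", "fixedVersion": None},
    {"subscription": "Dev-Sub-02", "resourceGroup": "rg-payments",
     "registry": "acrdev", "repository": "api",
     "cve": "CVE-EXAMPLE-0001", "severity": "High", "fixedVersion": "1.1.1t-r1"},
]


def scope_findings(findings, subscription: str, resource_group: str):
    """Mirror the portal's subscription filter plus the Resource group filter."""
    return [f for f in findings
            if f["subscription"].casefold() == subscription.casefold()
            and f["resourceGroup"].casefold() == resource_group.casefold()]


def match_cve(findings, platform: PlatformFinding) -> Optional[dict]:
    """Return the Defender record whose registry and CVE match the platform finding."""
    for f in scope_findings(findings, platform.subscription, platform.resource_group):
        if (f["registry"].casefold() == platform.registry.casefold()
                and f["cve"].upper() == platform.cve_id.upper()):
            return f
    return None


def remediation_note(platform: PlatformFinding, record: Optional[dict]) -> str:
    """Text to paste back into the security platform as additional information."""
    if record is None:
        return (f"{platform.cve_id}: no matching finding in Defender for Cloud for "
                f"{platform.registry} in {platform.subscription}/{platform.resource_group}; "
                "re-check the filters before closing")
    fixed = record["fixedVersion"] or "no fixed version published yet"
    return (f"{platform.cve_id} confirmed on {record['registry']}/{record['repository']} "
            f"(severity {record['severity']}); fixed version: {fixed}")


def image_counts_match(tag_count: int, manifest_count: int) -> bool:
    """Tag Count and Manifest Count on the ACR page are usually equal, but an
    untagged manifest or a manifest with several tags makes them differ."""
    return tag_count == manifest_count


def image_count_note(tag_count: int, manifest_count: int) -> str:
    """Wording for the screenshot attached to the security platform."""
    if image_counts_match(tag_count, manifest_count):
        return f"tag count and manifest count are the same ({tag_count})"
    return (f"tag count {tag_count} differs from manifest count {manifest_count}; "
            "note the difference next to the screenshot")


if __name__ == "__main__":
    finding = PlatformFinding("Prod-Sub-01", "rg-payments", "acrpayments", "cve-example-0001")
    print(remediation_note(finding, match_cve(DEFENDER_FINDINGS, finding)))
    print(image_count_note(12, 12))
    print(image_count_note(12, 15))
```

Matching is case-insensitive on purpose: the subscription, resource group and registry names are copied by hand between two consoles, and a case difference should not make a real finding look unconfirmed.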
Cloud Configurations:
- In the security platform, copy the Subscription name attribute.
- In the Azure portal, click the gear icon ("Settings") in the top-right corner. In the default subscription filter, uncheck all the selected subscriptions and paste the copied subscription name.
- In the top search bar, search for Microsoft Defender for Cloud and open it. Select Recommendations from the left-hand menu; the grid shows the recommendations for the selected subscription.
- Copy the Resource Group name from the security platform. Back in the Azure grid, click Add Filter, choose Resource group and paste the name; the grid now shows only that resource group. Alternatively, copy the title name and search by title.
- The grid may show several results. Go to the full resource name and copy only its last segment (the resource name).
- In the Azure portal, click the Azure container registry title hyperlink. The page shows tabs such as Take Action, Findings, Graphs and Repositories.
- Open the Take Action tab; it shows the detailed remediation that the customer has to carry out on their end.
- Second option: search directly for Resource Manager -> resource groups. Copy the resource group name from the security platform, then copy the last segment of the full resource name and paste it into the search bar. This navigates to the respective service based on its type, e.g. a Storage account. Example: TLS 1.1 is in use -> the fix is to apply TLS 1.2.
- In the storage account, go to Settings -> Configuration in the left-hand menu, navigate to Minimum TLS Version and check the current version.
There are different types of configuration issues, so the exact steps depend on the case. Investigate and communicate the finding to the customer.
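The two manual steps that recur in the configuration procedure are pulling the resource group and the last segment out of the full resource name, and comparing a storage account's Minimum TLS Version against TLS 1.2. The script below is an added example of both, not code from Prisma Cloud or Azure; the subscription id, resource group and storage account names are constructed placeholders, and only the TLS1_0/TLS1_1/TLS1_2 settings are modelled.

```python
"""Added example: parse an Azure full resource name (ARM resource ID) into the
pieces the procedure copies by hand, then check the Minimum TLS Version of
storage accounts. The sample accounts and ids are constructed placeholders."""
from dataclasses import dataclass


@dataclass(frozen=True)
class AzureResource:
    subscription_id: str
    resource_group: str
    provider: str       # e.g. Microsoft.Storage
    resource_type: str  # e.g. storageAccounts
    name: str           # last segment, the part pasted into the portal search bar


def parse_resource_id(resource_id: str) -> AzureResource:
    """Split /subscriptions/<id>/resourceGroups/<rg>/providers/<ns>/<type>/<name>[/...]."""
    parts = resource_id.strip("/").split("/")
    if (len(parts) < 8 or parts[0].lower() != "subscriptions"
            or parts[2].lower() != "resourcegroups" or parts[4].lower() != "providers"):
        raise ValueError(f"not an ARM resource id: {resource_id!r}")
    return AzureResource(subscription_id=parts[1], resource_group=parts[3],
                         provider=parts[5], resource_type=parts[6], name=parts[-1])


# Minimum TLS Version settings of a storage account, oldest first.
TLS_ORDER = ["TLS1_0", "TLS1_1", "TLS1_2"]
REQUIRED_MIN_TLS = "TLS1_2"


def tls_is_compliant(minimum_tls: str) -> bool:
    """True when the configured minimum is at least the required TLS 1.2."""
    if minimum_tls not in TLS_ORDER:
        raise ValueError(f"unknown TLS setting: {minimum_tls!r}")
    return TLS_ORDER.index(minimum_tls) >= TLS_ORDER.index(REQUIRED_MIN_TLS)


# Constructed: resource id -> the Minimum TLS Version shown under Configuration.
SUB = "00000000-0000-0000-0000-000000000000"  # placeholder subscription id
STORAGE = "providers/Microsoft.Storage/storageAccounts"
STORAGE_ACCOUNTS = {
    f"/subscriptions/{SUB}/resourceGroups/rg-payments/{STORAGE}/stpaymentsprod": "TLS1_1",
    f"/subscriptions/{SUB}/resourceGroups/rg-payments/{STORAGE}/stpaymentslogs": "TLS1_2",
    f"/subscriptions/{SUB}/resourceGroups/rg-legacy/{STORAGE}/stlegacy01": "TLS1_0",
}


def tls_report(accounts: dict) -> list:
    """One entry per non-compliant storage account, in the form reported to the customer."""
    report = []
    for resource_id, current in accounts.items():
        res = parse_resource_id(resource_id)
        if res.provider != "Microsoft.Storage" or res.resource_type != "storageAccounts":
            continue  # this check only applies to storage accounts
        if not tls_is_compliant(current):
            report.append({"resource_group": res.resource_group, "name": res.name,
                           "current": current,
                           "fix": f"set Minimum TLS Version to {REQUIRED_MIN_TLS}"})
    return report


if __name__ == "__main__":
    for entry in tls_report(STORAGE_ACCOUNTS):
        print(entry)
```

Taking the last path segment as the name also works for child resources (for example a blob service under a storage account), which is why the parser does not assume the id ends right after the type.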
2. Google Cloud Platform (GCP Security Command Center)
GCP Container Registry Vulnerability Scanning
GCP Security Command Center:
- Log in to https://console.cloud.google.com with your cloud ID; the home dashboard page opens.
- Select a project from the top-left project picker; choose the organisation's project name.
- In the left-hand menu go to IAM & Admin -> PAM -> enable your entitlement -> select the entitlement name (e.g. read) -> click the "Request Grant" button at the bottom of the list -> enter 8 hours and a justification (for vulnerability remediation).
- This activates the read access needed to check the different projects, resources, etc.
- If GCP shows "Whoops", the issue is gone; it takes 24 to 72 hours for this to be reflected in the security platform.
- In GCP a subscription is called a Project. Copy the subscription name from the security portal, go to the GCP console -> project picker (Select a resource) -> Search projects and folders. Click the name hyperlink in the search result and make sure the right project is shown next to the Google logo.
- In the search bar, type Security Command Center -> click Go to Security Command Center -> left-hand menu -> Findings. The findings query result lists the reported vulnerabilities.
- Depending on the type of issue in the security platform, you can filter by full resource name: copy the full resource name -> in GCP, Edit query -> Add Filter -> Resources -> Full Name -> paste the resource name -> Apply.
- Set the Time range parameter to All time.
- The query result is now grouped by category. Click the finding; a Status of "Active" means it is not resolved yet.
- Cross-check the resource full name against the security platform's resource name.
- Continue according to the issue type; e.g. for a reported firewall problem, go to Cloud NGFW -> Firewall policies.
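The Security Command Center query built in the steps above (filter on the full resource name, widen the time range to All time, read the Status) is reproduced below as an added example that is not Google's or Prisma Cloud's code. The findings are constructed; the field names (state, category, resourceName, eventTime) follow SCC's finding fields as an assumption, the project and resource names are placeholders, and the 24 to 72 hour window is the lag quoted in the note above.

```python
"""Added example: apply the Security Command Center query (resource full name,
state, time range) to a list of findings and interpret the outcome.
Findings are constructed; their field names follow SCC's finding fields as an
assumption, not an export of any real project."""
from datetime import datetime, timedelta, timezone
from typing import Optional

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed "now" so the run is reproducible
ALL_TIME = None                                    # Time range = All time
LAST_7_DAYS = timedelta(days=7)                    # a narrow default-style time range
PROPAGATION_HOURS = (24, 72)                       # platform lag quoted in the note

# Constructed placeholder resource names in SCC full-name form.
FIREWALL = "//compute.googleapis.com/projects/example-prod/global/firewalls/allow-all-ingress"
BUCKET = "//storage.googleapis.com/example-prod-public-bucket"

SCC_FINDINGS = [
    {"category": "OPEN_FIREWALL", "state": "ACTIVE", "resourceName": FIREWALL,
     "eventTime": NOW - timedelta(days=2)},
    {"category": "OPEN_FIREWALL", "state": "INACTIVE", "resourceName": FIREWALL,
     "eventTime": NOW - timedelta(days=90)},  # old occurrence, already resolved
    {"category": "PUBLIC_BUCKET_ACL", "state": "INACTIVE", "resourceName": BUCKET,
     "eventTime": NOW - timedelta(days=40)},
]


def project_of(resource_name: str) -> Optional[str]:
    """Project id inside a full resource name, to confirm the right project is selected."""
    parts = resource_name.split("/")
    if "projects" in parts:
        return parts[parts.index("projects") + 1]
    return None


def query_findings(findings, resource_name: str, state: Optional[str] = None,
                   time_range: Optional[timedelta] = ALL_TIME):
    """Edit query -> Resources -> Full Name, plus optional state and time range."""
    since = None if time_range is None else NOW - time_range
    return [f for f in findings
            if f["resourceName"] == resource_name
            and (state is None or f["state"] == state)
            and (since is None or f["eventTime"] >= since)]


def resolution_status(findings_for_resource) -> str:
    """ACTIVE = not resolved; RESOLVED = only inactive findings remain; GONE = nothing found."""
    if not findings_for_resource:
        return "GONE"
    if any(f["state"] == "ACTIVE" for f in findings_for_resource):
        return "ACTIVE"
    return "RESOLVED"


def status_note(resource_name: str, findings) -> str:
    """What to record in the security platform for this resource."""
    matched = query_findings(findings, resource_name)
    status = resolution_status(matched)
    lo, hi = PROPAGATION_HOURS
    if status == "ACTIVE":
        cats = sorted({f["category"] for f in matched if f["state"] == "ACTIVE"})
        return f"{resource_name}: still ACTIVE in SCC ({', '.join(cats)}), not resolved yet"
    if status == "RESOLVED":
        return f"{resource_name}: resolved in GCP; allow {lo}-{hi} hours for the platform to clear it"
    return f"{resource_name}: no SCC finding, the issue is gone; allow {lo}-{hi} hours to reflect"


if __name__ == "__main__":
    print("project:", project_of(FIREWALL))
    print(status_note(FIREWALL, SCC_FINDINGS))
    print(status_note(BUCKET, SCC_FINDINGS))
```

Running the same resource through query_findings with LAST_7_DAYS instead of ALL_TIME drops the older inactive occurrence, which is the reason the procedure widens the time range before judging whether a finding was ever raised.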