Passed Exam Today CloudSec-Pro

Package installed with APT

Downloadable, self-hosted software

Software-as-a-Service (SaaS)

Plugin to Prisma Cloud

event from cloud.audit_logs where operation ConsoleLogin AND user = 'root’

event from cloud.audit_logs where operation IN('cloudsql.instances.update','cloudsql.sslCerts.create', cloudsql.instances.create','cloudsq

event from cloud.audit_logs where cloud.service = s3.amazonaws.com' AND json.rule = $.userAgent contains 'parrot1

event from cloud.audit_logs where operation IN ( 'GetBucketWebsite', 'PutBucketWebsite', 'DeleteBucketWebsite')

event from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'

event from cloud.security_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey' , 'DeleteAlarms' ) AND user = 'root'

config from cloud.audit_logs where operation IN ( 'ChangePassword', 'ConsoleLogin', 'DeactivateMFADevice', 'DeleteAccessKey', 'DeleteAlarms' ) AND user = 'root'

event from cloud.audit_logs where Risk.Level = 'high' AND user = 'root'

From the deployment page in Console, choose "twistlock-console" for Console identifier, generate DaemonSet file, and apply DaemonSet to the twistlock namespace.

From the deployment page, configure the cloud credential in Console and allow cloud discovery to auto-protect the Kubernetes nodes.

From the deployment page in Console, choose "twistlock-console" for Console identifier and run the "curl | bash" script on the master Kubernetes node.

From the deployment page in Console, choose "pod name" for Console identifier, generate DaemonSet file, and apply the DaemonSet to twistlock namespace.