6.0 Understanding the Cloud Security Dashboards and Reports

Select > Reports > Portal > Repository > Standard Content > Cloud.

Cloud services providers are highly accessible, and the vast amount of data that they host makes them an attractive target for malicious users. To help you assess the security of services in the cloud, we provide dashboards and reports based on the industry-wide standards set by the Cloud Security Alliance (CSA). This alliance has identified the most significant security threats to the shared, on-demand nature of cloud computing. CSA refers to these issues as the Treacherous 12.

Reporting includes the following dashboards and reports, organized by the Treacherous 12 categories:

Category	Dashboards	Reports
Abuse and Nefarious Use of Cloud Services	DoS Originated from EC2 Instances EC2 Instances Communicating with Cryptcurrency Entity EC2 Instances Querying Domains Involved in Phishing Attacks EC2 Machines Involved in Suspicious Communication Email Spam Originated from EC2 Instances Nefarious Activity by an Unauthorized Individual from EC2 Suspicious Activity Reported by Microsoft Azure Trojans or Backdoors Installed on EC2 Instances	n/a
Account Hijacking	Account Hijacking Vulnerabilities Man in the Middle Attacks Phishing Attacks Principal Invoked an API Commonly used to Discover Information Associated with AWS Account	Broken Authentication and Session Management
Advanced Persistent Threats	Trojans or Backdoors installed on EC2 Instances	n/a
Data Breaches	All Information Leakage Events Information Disclosure Vulnerabilities Organizational Information Leakage Personal Information Leakage	n/a
Data Loss	Amazon AWS Deletion Events	Amazon S3 Bucket Deletion Events Amazon VPC Deletion Events
Denial of Service	DoS Activity	n/a
Insecure Interfaces and APIs	n/a	Vulnerabilities on Interfaces and API
Insufficient Due Diligence	n/a	EC2 Machines Behavior Deviates from the Established Baseline Failed Technical Compliance Events
Insufficient Identity Credential and Access Management	n/a	AWS Account Password Policy Was Weakened Invalid or Expired Certificate Unsecured Password Events
Malicious Insiders	n/a	Nefarious Activity by an Unauthorized Individual
System Vulnerabilities	Vulnerability Overview	Cloud Related Vulnerabilities Critical Vulnerabilities Heartbleed Vulnerabilities Kernel Vulnerabilities Overflow Vulnerabilities Security Patch Missing Shellshock Vulnerabilities Spectre and Meltdown Vulnerabilities Vulnerabilities by Host
Vulnerabilities on Shared Technologies	n/a	Vulnerabilities on Shared Technologies

The cloud-based security dashboards and reports provide a view of events occurring in Amazon Web Service (AWS) and Azure, forwarded to Recon from ArcSight ESM. Content in a dashboard depends on the widgets that it displays, as well as the dashboard’s specified time range. For example, some widgets summarize events by resource names and profile IDs, as well as by the event’s severity.