Amazon

AWS

Dashboard Widgets

General (General overview of the system)

Audit (The number of rules whose access has already expired or will expire within the next month)

Recent Changes (Rules and devices with changes in the past 30 days)

Browsers

Rule Viewer (see Rule Viewer)

Object Lookup (See Object Lookup)

Changes (see Change Browser)

Device Viewer (see Device Viewer)

Change Management

Change Management (Policy and Side-by-Side policy change comparison in the Compare tab, Comparison report, and New Revision report)

Graphical Policy (Policies are displayed in SecureTrack as they are shown in the vendor's management software)

Create SecureChange ticket from Rule Viewer for:

  • Rule Decommission (Removes selected rules from supported devices)

  • Rule Modification (Receives rules from the Rule Viewer and lets you create a ticket in SecureChange for a handler to update firewall rules for supported devices)

Topology

Static Topology

VPC Peering

Transit Gateway

Gateway Load Balancer (GWLB)

Supported Devices

The following devices are supported on Amazon AWS:

Fortinet

  • FortiManager

  • FortiGate

Check Point

  • Management Devices (MDS) CloudGuard Network Security - Firewall & Threat Prevention

  • Check Point Gateway

Palo Alto

  • Panorama

  • PAN-OS firewalls

Notes for Amazon Devices

  • Monitoring is based on periodic polling. The default is every hour.

  • PCI results do not include these tests: 1.1.5, 1.1.7, 1.3.4, 2.2.4.
    To pass PCI DSS tests that require rule comments or ticket IDs, add the comments and ticket IDs in the Rule Viewer.

  • Auditing support does not include Compliance Policies and Unified Security Policy.

  • Topology path calculation can simulate traffic along a path that contains at most one dynamic connection and any number of static connections.
    Supported configurations are connectivity within a VPC and connectivity between a VPC and the data center.

  • In Compare, nested security groups (SGs) that belong to peered VPCs are shown as empty groups in a rule's source and destination, and no calculations are made for those rules.
    To see the members of such a group, look at the SG in its origin VPC.

  • In some cases, this device creates new rules for requested changes rather than updating the existing rules. In these cases, rule history might not be available.