Understanding the Cloud Security Dashboards and Reports

In the Reports Portal, select Repository > Standard Content > Cloud.

Cloud service providers are highly accessible, and the vast amount of data that they host makes them an attractive target for malicious users. To help you assess the security of services in the cloud, we provide dashboards and reports based on the industry-wide standards set by the Cloud Security Alliance (CSA). This alliance has identified the most significant security threats to the shared, on-demand nature of cloud computing. CSA refers to these issues as the Treacherous 12.

Reporting includes the following dashboards and reports, organized by the Treacherous 12 categories:

| Category | Dashboards | Reports |
| --- | --- | --- |
| Abuse and Nefarious Use of Cloud Services | DoS Originated from EC2 Instances; EC2 Instances Communicating with Cryptocurrency Entity; EC2 Instances Querying Domains Involved in Phishing Attacks; EC2 Machines Involved in Suspicious Communication; Email Spam Originated from EC2 Instances; Nefarious Activity by an Unauthorized Individual from EC2; Suspicious Activity Reported by Microsoft Azure; Trojans or Backdoors Installed on EC2 Instances | n/a |
| Account Hijacking | Account Hijacking Vulnerabilities; Man in the Middle Attacks; Phishing Attacks; Principal Invoked an API Commonly used to Discover Information Associated with AWS account | Broken Authentication and Session Management |
| Advanced Persistent Threats | Trojans or Backdoors Installed on EC2 Instances | n/a |
| Data Breaches | All Information Leakage Events; Information Disclosure Vulnerabilities; Organizational Information Leakage; Personal Information Leakage | n/a |
| Data Loss | Amazon AWS Deletion Events | Amazon S3 Bucket Deletion Events; Amazon VPC Deletion Events |
| Denial of Service | DoS Activity | n/a |
| Insecure Interfaces and APIs | n/a | Vulnerabilities on Interfaces and API |
| Insufficient Due Diligence | n/a | EC2 Machines Behavior Deviates from the Established Baseline; Failed Technical Compliance Events |
| Insufficient Identity Credential and Access Management | n/a | AWS Account Password Policy Was Weakened; Invalid or Expired Certificate; Unsecured Password Events |
| Malicious Insiders | n/a | Nefarious Activity by an Unauthorized Individual |
| System Vulnerabilities | Vulnerability Overview | Cloud Related Vulnerabilities; Critical Vulnerabilities; Heartbleed Vulnerabilities; Kernel Vulnerabilities; Overflow Vulnerabilities; Security Patch Missing; Shellshock Vulnerabilities; Spectre and Meltdown Vulnerabilities; Vulnerabilities by Host |
| Vulnerabilities on Shared Technologies | n/a | Vulnerabilities on Shared Technologies |

The cloud-based security dashboards and reports provide a view of events occurring in Amazon Web Services (AWS) and Azure, forwarded to the ArcSight Database from ArcSight ESM. Content in a dashboard depends on the widgets that it displays, as well as the dashboard’s specified time range. For example, some widgets summarize events by resource names and profile IDs, as well as by the event’s severity.