Versions Compared

Old Version 7

changes.mady.by.user Song Wrensch

Saved on

compared with

New Version Current

changes.mady.by.user Song Wrensch

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note

To install Blue Hexagon Agentless Runtime Cloud Security powered by Deep Learning AI, you must have a valid Blue Hexagon NG-NDR license. To install Blue Hexagon Security Audit, you must have a valid Blue Hexagon SaaS license. Please contact your Blue Hexagon representative to obtain the necessary licenses. You can request a free trial license here.

Blue Hexagon Setup

Installation and deployment of Blue Hexagon Security Audit and Blue Hexagon Agentless Runtime Cloud Security powered by Deep Learning AI is done via GCP recommended Terraform templates. You can optionally install and deploy Blue Hexagon Security Audit and/or Blue Hexagon Agentless Runtime Cloud Security powered by Deep Learning AI, independently.

Prerequisites

  • Download the Blue Hexagon for GCP package here. Your welcome email will contain the GCP license key(s) and the password to decrypt the package.

  • Terraform (Blue Hexagon strongly recommends using GCP Cloud Shell which conveniently provides Terraform and other utilities.)

  • Unzip the Blue Hexagon for GCP package - enter the password when prompted.

    Code Block
    $ unzip bluehexagon_gcp.zip
Archive:  bluehexagon_gcp.zip
[bluehexagon_gcp.zip] password:
  inflating: bluehexagon/bh_gcp_registration.py
  inflating: bluehexagon/README.md   
  inflating: bluehexagon/main.tf
  inflating: bluehexagon/terraform.tfvars
  inflating: bluehexagon/variables.tf

  • Add the necessary input values in the terraform.tfvars file.

...

  • Deploy via Terraform

    • Code Block
          # Run once
    terraform init
    
    # Deploy
    terraform apply [--auto-approve]

    # Destroy
    terraform destroy [--auto-approve]

Blue Hexagon Security Audit Setup

To enable Blue Hexagon Security Audit, set enable_security_audit in the provided terraform.tfvars file to true (default is false).

Blue Hexagon Flow Logs Monitor

To enable Blue Hexagon Flow Logs Monitor, set enable_flow_logs_monitor in the provided terraform.tfvars file to true (default is false).

Blue Hexagon Network Threat Defense Setup

This following steps deploy the Blue Hexagon for GCP solution with GCP Packet Mirroring. Blue Hexagon inspects network traffic generated by GCP Compute Engine and GCP Kubernetes Engine workloads to uncover and respond to threats in real-time.

A Blue Hexagon representative can assist you to deploy the solution.

Getting Started

Share the email ID of user or service account doing the deployment and share the email ID of the Google APIs Service Agent with your Blue Hexagon representative. Blue Hexagon will in turn share a custom Compute Engine image and add the provided email address as an Image User, as described here.

The Google APIs Service Agent is a Google-managed service account used to access the APIs of Google Cloud Platform services. You may find it in GCP Console -> IAM -> Principals and will be of this format: {PROJECT_ID}@cloudservices.gserviceaccount.com.

Prerequisites

  • You must have a GCP project with a VPC containing at least one private subnet.

  • The VPC must be configured for Cloud NAT to allow Blue Hexagon virtual appliances deployed in the private subnet to reach out to the Blue Hexagon cloud.

  • The Blue Hexagon Terraform templates create a 0.0.0.0/0 outbound firewall rule to allow outbound communications with the Blue Hexagon cloud - do not remove this.

Deployment

Blue Hexagon is deployed as an autoscaling managed instance group behind an internal load balancer in a subnet in your VPC.

Tip

On success, you can check to see that the internal load balancer has been created along with a healthy backend managed instance group, as shown in the screenshots below.

...

Packet Mirroring Configuration

Info

The following steps describe how to configure GCP Packet Mirroring to direct traffic from your source workloads to Blue Hexagon for inspection. For more details and troubleshooting, refer to the GCP Packet Mirroring documentation.

...

  • You can choose to mirror all traffic (default and recommended) or mirror only specific protocols / IP ranges as shown below.

...

Mirror Only Internet Traffic

GCP Packet Mirroring currently does not support negative filters supporting the “not” condition, e.g. not 10.0.0.0/8. To work around this and mirror only internet traffic, specify a filter that includes public CIDR blocks and excludes 10.0.0.0/8 internal traffic. IP ranges to use:
128.0.0.0/1 64.0.0.0/2 32.0.0.0/3 16.0.0.0/4 0.0.0.0/5 12.0.0.0/6 8.0.0.0/7 11.0.0.0/8

NOTE: Each CIDR block needs to be added one by one for GCP to recognize it. The whole string above cannot be cut and pasted.

Cross-VPC Packet Mirroring

You can set up cross-VPC (and cross-project) Packet Mirroring by following the steps described in the GCP Packet Mirroring documentation.

Peering needs to be setup both ways from network1 to network2 and vice-versa

...

Shared VPC Packet Mirroring

You can set up packet mirroring in a Shared VPC setting by following the steps described in the GCP Packet Mirroring documentation.

...

https://cloud.google.com/kubernetes-engine/docs/how-to/intranode-visibility?hl=en

Verify Setup

If Blue Hexagon and Packet Mirroring are setup correctly, you will see observations in the Blue Hexagon portal from the gcp appliance in the Discover view as shown below.

...