IBM Cloud SCC Workload Protection is introducing Network Exposure, a new feature to help you quickly find what resources are exposed in your infrastructure. You can view this information from different parts of Workload Protection. Let's start with the Resources Inventory.
Network Exposure in the Inventory
By default, all the resources will specify if they are exposed or not exposed in the right side of the resource information, in the Resource Inventory. In addition to that you can also use the Exposed filter available in the Context section in the left sidebar. That way, you can list only the exposed resources.
Once you click an exposed resource in the inventory, you'll see a new tab "Exposure" where'll find the affected resources, and the information about what paths are exposed.
Also, you can use this filter in the Inventory Search, using the CloudResource.isExposed filter. For example:
MATCH CloudResource VIOLATES Control
WHERE CloudResource.isExposed = true AND CloudResource.type IN ['IBM Virtual Server For VPC Instance'] AND CloudResource.platform = 'IBM'
RETURN DISTINCT CloudResource, Control
LIMIT 50;
You can use a query like this to create a custom Risk definition in your IBM Cloud SCC Workload Protection instance.
Network Exposure in Risks
You can also check the exposure of a resource from a Risk detail, in the finding details in the All Findings tab, as shown in the picture. There you'll see the resource affected, and the exposed paths.
Now you can easily find your exposed resources in IBM Cloud SCC Workload Protection
In this blogpost we've presented the new Network Exposure feature that will help you finding the exposed resources in your cloud infrastructure in a very quick and easy way. You can use this feature to list the exposed resources in the inventory, and to create custom Risk definitions that fit your security use cases better.
Get Started and Learn more
Get started with Security and Compliance Center Workload Protection: