Aqua Security Workload Protection provides services which secure containers, Kubernetes, serverless functions, and VMs against evolving cloud native threats with runtime security, powered by real-world threat intelligence.
Integration Method: API
Tables: Detection Finding, Vulnerability Finding, Device Inventory, Scan Activity
DataBee connects to Aqua Workload Protection APIs to get incidents, vulnerabilities, scan history, risky containers, and other workload related information.
This integration has been tested against the Aqua Enterprise API v2.
Aqua Workload Protection Configuration
Aqua user requirements
You need an Aqua user to authenticate with the REST API before using any of the API endpoints. This user must be configured as follows:
Role: At least one of the user's roles includes one or more permission sets and application scopes that meet the requirements defined below. There are no other requirements.
Permission set(s): Your applications will generally require read-only and/or write access to certain types of Aqua Platform objects (e.g., images or security policies). In your permission set(s), assign View Only and/or Edit permissions, respectively, to these types of objects. Refer to Permission Sets for information on creating and configuring permission sets.
Application scope(s): Your applications will be able to access Aqua Platform objects within the application scope(s) associated with the user that has been authenticated. Refer to Application Scopes for information on creating and configuring application scopes.
Generate a CSPM API key and secret
Log in to your Aqua Workload Protection dashboard account and navigate to Account Management.
Under the Account Management page, navigate to Settings > API Keys.
Click Generate Key.
Copy and save the API Key and Secret values.
In the API Keys screen, click Edit from the vertical ellipsis on the same row as the newly generated API key.
In the Global Permissions section, disable the Enable global admin permission option.
In the Granular Permissions section, enable the tokens:readwrite and roles:assign options.
Click Save.
DataBee Configuration
Log in to the DataBee console and navigate to the Data > Datasources tab. Click on the Add New Data Source button.
Search for the Aqua Workload Protection option using the search bar in the Add New Data Source page.
Select the API Ingest option and enter appropriate owner details in the Configure Data source form. Click on Next.
In the configuration dialog, enter the following:
Authorization Method: HMAC Auth
Integration Key: Paste the previously generated API key
Secret Key: Paste the previously generated Secret
Replace the <auth_endpoint> placeholder in the first URL with the token URL endpoint for your geographical region.
Replace the <instance> placeholder in the remaining API URL(s) with the environment ID of your Aqua Security account instance. The environment ID can be found in the base URL, which will be provided by the Aqua Support team.
Click Submit.