Preview: This feature is currently in preview mode and its functionality may change ahead of the GA release.
You can create a custom plugin either by configuring metadata and plugin conditions in our UI or by uploading it directly as a JSON file.
Create a Plugin
To create and customize your plugin, follow these steps:
- Log in to your cloud.aquasec.com account.
- Navigate to Scans and select Plugins from the list.
- Select Create Plugin.
- Configure Plugin by filling in values for the following fields:
APIs: Select the desired API from the list. You can also upload a custom plugin in JSON format by selecting Upload JSON.
Cloud Account (for Testing): Select the cloud account for testing.
Configure the plugin conditions by filling in the following fields:
Property: A property is a key in the key-value data (JSON format) returned by the API. Each JSON key is the name of a property. Select the appropriate property from the drop-down.
Transform: Converts the entered property to the desired value type for comparison. Select the desired transform type from the list. This field is optional.
Operation: This specifies the operation used for comparing the value after transformation. For example, the EQUALS operation checks if any two or more conditions are matching.
Value: This is the JSON schema used to validate the corresponding property. In the above screenshot, the Certificate.DomainName property value is checked against the predefined value "Aqua". The Transform operation converts the property to String, and the EQUALS operation then performs a string comparison.
Select Add Condition if you wish to add multiple conditions.
Select Match All for an AND operation and Match Any for an OR operation between the conditions. For example, in the screenshot below, the scan passes only if all three conditions are true, because the selected operation is Match All. If the selected operation is Match Any, the scan passes even if one of the three conditions passes.
To delete any of the added conditions, locate the condition to delete, select the three dots at the right, and click Delete.
Select Evaluate to test the results of the plugin. The live results are displayed as shown in the screenshot below.
The plugin must always be evaluated before saving.
Click Save Plugin and enter the following fields in the pop-up tab:
Category: This specifies the type of resource that is queried. Select the category from the drop-down list.
Title: Enter a title for the plugin in the textbox. For example, "S3 bucket versioning ASL".
Description: Enter a short description of the functionality of the plugin. For example, "Ensure object versioning is enabled on S3 buckets".
More Info: You can add additional information about the plugin here.
Severity Level: You can set this value depending on your organization's needs (low, high, medium, or critical).
Recommended Action: This represents the expected action taken by the plugin. An example action would be "Enable bucket versioning".
Documentation Link: You can add the documentation links here. For example, "http://docs.aws.amazon.com/AmazonS3/latest/dev/Versioning.html".
Click Save Plugin.
Once you save the plugin, you can export it in JSON format. To do so, refer to the Export JSON File section.
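
The condition logic described above (Property, Transform, Operation, Value, then Match All or Match Any) can be modeled locally to reason about a plugin's result before selecting Evaluate. This is an added example, not Aqua's code or its plugin JSON format: the function names, dictionary keys, and sample resource are constructed, and treating a missing property or an empty condition list as a failure is an assumption.

```python
# Added illustration: local model of the condition logic described above.
# All names and dictionary keys are hypothetical, not Aqua's plugin JSON schema.
_MISSING = object()

def resolve(data, path):
    """Walk a dotted property path such as 'Certificate.DomainName'."""
    cur = data
    for key in path.split("."):
        if not isinstance(cur, dict) or key not in cur:
            return _MISSING
        cur = cur[key]
    return cur

# Only the transform and operation named on the page are modeled.
TRANSFORMS = {None: lambda v: v, "STRING": str}
OPERATIONS = {"EQUALS": lambda actual, expected: actual == expected}

def check(condition, resource):
    """Evaluate one condition: property -> optional transform -> operation."""
    value = resolve(resource, condition["property"])
    if value is _MISSING:
        return False  # assumption: an absent property fails the condition
    transform = TRANSFORMS[condition.get("transform")]
    return OPERATIONS[condition["operation"]](transform(value), condition["value"])

def evaluate_plugin(conditions, resource, match="ALL"):
    """match='ALL' models Match All (AND); match='ANY' models Match Any (OR)."""
    results = [check(c, resource) for c in conditions]
    if not results:
        return False  # assumption: a plugin with no conditions does not pass
    return all(results) if match == "ALL" else any(results)

# Constructed sample of data returned by an API (not real output).
SAMPLE = {"Certificate": {"DomainName": "Aqua", "KeyLength": 2048}}

CONDITIONS = [
    {"property": "Certificate.DomainName", "transform": "STRING",
     "operation": "EQUALS", "value": "Aqua"},
    # Without the STRING transform, 2048 (number) would not equal "2048" (string).
    {"property": "Certificate.KeyLength", "transform": "STRING",
     "operation": "EQUALS", "value": "2048"},
    # Property absent from SAMPLE, so this condition fails.
    {"property": "Certificate.Status", "operation": "EQUALS", "value": "ISSUED"},
]

if __name__ == "__main__":
    print("Match All:", evaluate_plugin(CONDITIONS, SAMPLE, "ALL"))
    print("Match Any:", evaluate_plugin(CONDITIONS, SAMPLE, "ANY"))
```

With the constructed sample, Match All fails because the third property is absent, while Match Any passes on the first condition alone.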