Enable Traffic Visibility
Enabling traffic visibility provides awareness into the traffic flows within the Cloud Accounts by collecting the following logs:
-
NSG Flow Logs
-
(AWS only) VPC Flow Logs
-
DNS Logs
-
Route53 Query Logging
The flow and DNS query logs are used by Multicloud Defense to understand traffic flow, correlate with threat intelligence feeds, and provide insight into existing threats that can be protected using Multicloud Defense.
Enabling traffic visibility is a different process for every cloud account type, but typically you will need to identiy account characteristics such as your cloud account's region, VPC/VNet you want to monitor, network security groups, and a cloud storage account for logs.
Use the following procedure to enable traffic visibility from the Setup wizard:
Before you begin
You must have already connected at least one cloud service provider account to the Multicloud Defense Controller.
Procedure
Step 1 | In the Multicloud Defense Controller portal click Setup in the left navigation bar. |
Step 2 | In the setup wizard, click Enable Traffic Visibility. |
Step 3 | CSP Account - Use the drop-down menu to select the cloud service provider account to which Multicloud Defense Controller deploys the Service VPC/VNet. |
Step 4 | Region - Use the drop-down menu to select the region where the cloud service provider you selected is located. |
Step 5 | Scroll through the table of available available VPCs that are applicable to the type of cloud service provider you selected and check the appropriate VPC. Note that if you do not immediately see the VPC, click the Refresh icon to refresh the current list. |
Step 6 | (Optional) Use the drop-down menu to select the S3 bucket in your account where DNS queries and VPC flow logs are stored. The S3 bucket selected is created by Multicloud Defense as part of the process when enabling traffic. |
Step 7 | Click Next. |
What to do next
Secure your account.