IBM Cloud Docs
Connecting Caveonix Cloud Platform

Connecting Caveonix Cloud Platform

You can configure Caveonix Cloud Platform to send results to Security and Compliance Center so that you can view all of your results in one place. Caveonix can transmit infrastructure findings that are found when a copmliance scan is run that evaluates VMware environments. For more information about using VMware solutions with IBM Cloud, see Caveonix RiskForesight on IBM Cloud Overview.

To learn more about how the integration is configured, check out the following diagram.

The image shows the sequence of events that a user follows as part of setting up the integration.
Figure 1. Caveonix integration flow

  1. Configure Security and Compliance Center by creating an instance, connecting a Cloud Object Storage bucket to store results, and registering Caveonix as an integration. Then, create an attachment to start seeing results.
  2. Configure Caveonix to send results to Security and Compliance Center.
  3. View your results in the Security and Compliance Center dashboard.

Before you begin

Before you get started, be sure that you have the following prerequisites:

  • An IBM Cloud account. For more information, see Setting up your IBM Cloud account.
  • An instance of the Security and Compliance Center service. For more information, see Create an instance.
  • A Cloud Object Storage bucket to store results. For more information, see Setting up data storage and processing for Security and Compliance Center.
  • The required level of access to create and manage integrations in Security and Compliance Center. To pull results from Workload Protection, you must have the administrator platform role or higher for the Security and Compliance Center service. For more information, see Assigning access.
  • A Caveonix account.
  • You must have version 5.0 of Caveonix Cloud deployed with an organization created.
  • VMware asset repositories.

Creating an API key

A service ID API key is required for Caveonix to send data to Security and Compliance Center. To generate an API key, you can use the following steps.

  1. Create your service ID.

    1. In the IBM Cloud console, go to Manage > Access (IAM).
    2. On the Service IDs page, click Create.
    3. Provide a Name and Description for your service ID. Then, click Create. A page with the details of your newly created service ID loads.

  2. Assign the proper permissions to your ID.

    1. Click Assign access.
    2. In the Service section, select Security and Compliance Center. Then, click Next.
    3. You can choose to specify a specific resource or select All resources. Then, click Next.
    4. In the Roles and Actions section, select Data Provider. Then, click Next.
    5. Skip the Conditions section. Then, click Add.
    6. Click Assign.

  3. Create a new API key for your service ID.

    1. Select the API key tab.
    2. Click Create.
    3. Provided a Name and Description for your API key.
    4. Click Create.
    5. Copy or download your key to be able to use it later in the flow.

Now that you have a key, you're ready to start the connection flow in Security and Compliance Center.

Creating a connection

To create a connection with Caveonix with Security and Compliance Center, you need to register Caveonix as an integration through the Security and Compliance Center UI.

  1. In the IBM Cloud console, click the Menu icon Menu icon > Security and Compliance to access the Security and Compliance Center.
  2. In the navigation, click Integrations.
  3. In the Caveonix tile, click Connect. A side panel opens.
  4. Provide a Name for your connection and click Connect.

Creating an attachment

To evaluate your resources, you create an attachment. An attachment is the association between the set of resources that you want to evaluate and a profile that contains the specific controls that you want to evaluate. When you create an attachment you must select the Caveonix related profile to enable the connection correctly.

To help creating an attachment, see Scanning your resources.

Be sure to copy your attachment ID as you will need it in the next step.

Configure Caveonix to send results

As your final configuration step, you must provide information to Caveonix about the integration through the Caveonix dashboard. You must also have scans configured to run through Caveonix.

You must provide the following information from Security and Compliance Center to complete the configuration:

  • Your provider type instance ID. You can find this in the details panel of your Caveonix integration on the Integrations page.
  • The endpoint for pushing results. This can be found in the details panel of your Caveonix integration on the Integrations page.
  • The API key that you created in step 1.
  • The ID of your Security and Compliance Center instance. You can find this on the Plan page of the Security and Compliance Center UI.

For help accessing the console, see Managing Caveonix RiskForesight. For step-by-step help setting up the configuration through the Caveonix dashboard, see the Caveonix documentation.

You must log in to Caveonix to view the Caveonix documentation. If you run into issues accessing the documentation, contact support@caveonix. Be sure to specify your project name.

Viewing the results

To view the results of your scan, go to the dashboard in the UI of the Security and Compliance Center instance that you are working with. For more information about the details in your results, see Viewing results.