What is CloudBot?
In short, Cloudbot, allows you to customise the management and scanning of your cloud assets, with varying degrees of automation.
For a detailed overview of how to enable CloudBot and all the various features, head to this article.
Licenses
When will a cloud target consume a license?
If any of the following scans are run and the target is found to be active, a license will be consumed for 30 days:
If the target is found to be unresponsive, it won't consume (as with all other external targets).
How does licensing work for ephemeral targets?
If they're imported, scanned and active – they will consume a license and it will be locked for 30 days.
Can I prevent imported targets from consuming licenses?
Yes, if they haven't been scanned yet – just exclude them.
If it's a few ad-hoc targets, select the checkbox and hit the
Exclude
button:
If you have a specific subset in mind, you can utilise the filter feature, select all and hit the
Exclude
button:
What if I exceed the licenses in my account?
CloudBot will automatically add any new targets it finds, but you'll only be able to scan as many targets as you have licenses available. If you kick off a scan and you're short on a license we'll drop you an email to let you know:
You can also find this information in the portal Targets > Licenses:
Targets
What type of targets does CloudBot support?
Our cloud integrations (and therefore Cloudbot) only support the types of targets listed below (though you may be able to add them manually):
Cloud platform | Supported assets | Not supported |
AWS | AWS Lambda | |
GCP | GCP storage | |
Azure | External facing IPs
| Azure AD Azure Gov Internal only VM Azure app service endpoints |
How often are targets added?
CloudBot checks your connected cloud account every two hrs for new targets and adds them accordingly.
What happens if I remove a target in my cloud account?
As soon as CloudBot detects it's no longer present in your cloud account, it removes it from the Intruder portal.
Can I choose what cloud targets are added?
Absolutely! For reference, Automatically sync new targets
, will include all supported assets for that cloud platform.
But if you toggle Auto-add targets
to on and create a rule, you can choose what gets pulled through. (For example, below you'll see we've only pulled in targets with specific tags).
NB: when adding more than one Selective sync rule these are logical AND rules, e.g. setting a rules for a specific tag and region will mean only targets that match both the tag and the region will be added.
Can I turn CloudBot on for some cloud accounts and not others?
Absolutely! CloudBot is activated per cloud account – enabling/disabling it for one, will not enable/disable for another.
Can I automatically assign a tag to all targets from my cloud provider?
Absolutely! If you enable the 'Assign tags' toggle switch on the Settings pane, you can provide a tag that you would like all of the assets from your cloud account to be assigned.
Scans
Do I need to add cloud targets to existing schedules every time one is imported?
Not at all. Any assets imported via Cloudbot will be automatically enrolled in scans set to run on All targets
(be it ad-hoc or scheduled).
Can I scan on import?
Yes! You can also opt for them to be scanned as soon as Cloudbot detects them, which is especially helpful if you're not logged into the tool and/or your next scheduled scan isn't for a little while.
To enable this, just head to Targets > Cloud accounts > click the account > Settings:
Note: CloudBot is only available for customers on our Pro, Premium and Vanguard plans.