Everything you need to know in order to get started and be successful with ARGOS.
Awesome. If you already have a SIEM like Azure Sentinel, Splunk, or similar, then you are already doing amazing things and you likely have great insights into what is happening in your environment.
ARGOS won't replace your existing tools. ARGOS complements.
If you get an incident in your SIEM, instead of manually researching what else could be impacted by an issue just have a quick look at ARGOS's diagram for that resource. It includes all the important information like Attack Path Analysis, Lateral Movement Paths, other related cloud resources and even their issues.
Instead of spending hours without context, just spend a minute or two interpreting the ARGOS diagrams.
Awesome. If you already have a CSPM, then you should already have a list of issues in your environment.
ARGOS won't replace your existing tools. ARGOS complements.
In order to prioritise issues you find in your CSPM just have a quick look at ARGOS's diagram for that resource. It includes all the important information like Attack Path Analysis, Lateral Movement Paths, other related cloud resources and even their issues.
Instead of spending hours or days without context, just spend a minute or two interpreting the ARGOS diagrams.
The following identities are supported by ARGOS:
The account you log into ARGOS with must have a valid email address.
If you have MFA configured on the user account you are logging in with, then ARGOS will also prompt you based on that configuration.
We highly recommend you enable MFA (ideally with a FIDO key) on the user account you access ARGOS with.
We will never end up on The SSO Wall of Shame. Promise!
Yes! ARGOS provides its users with two different kinds of cloud diagrams that are available after a successful scan is completed.
ARGOS gives deep insights into a cloud environment (Azure or AWS) on all diagrams.
These insights include:
Yes, specific detections can be ignored by an ARGOS user if they are expected on a resource.
Simply find the rule violation in question and click the "ignore" button.
A user can easily revert this by finding the ignored resource and selecting "unignore" at which point the resource will again be included in graphs and scoring.
This action is logged and visible in the audit logs.
GCP requires their customers to enable API endpoints in order to have applications programmatically interact with GCP services.
Please check the following URL (https://console.cloud.google.com/apis) in each of your GCP projects and make sure that all APIs of services that are in use in your environment are enabled. Follow the GCP documentation in order to enable APIs in your GCP projects.
Upon completion of a one-off / ad-hoc scan ARGOS will send you an email with access to a PDF and Word report with all the results from the scan, including individual diagrams for each detection.
Yes, absolutely. ARGOS exposes secure APIs to its customers so that day to day actions can be executed using tools like curl, bash, PowerShell or Postman.
Each ARGOS user will receive their own API key they can use to interact with ARGOS.
That's it. You do not need to deploy any agents or infrastructure into your cloud environment to get the full benefits of running ARGOS. ARGOS does not expect any particular cloud services to be enabled, activated, configured or paid for, like Microsoft Defender for Cloud.
Besides the subscription cost there is no other cost associated with ARGOS on Azure or GCP.
Be aware that the increase in API calls on AWS might have cost implications for your AWS CloudTrail service. Please reach out to firstname.lastname@example.org to discuss this.
Note: Using ARGOS to remediate rule violations may have effects on resource cost.
One-off / ad-hoc scan:
Continuous scans (for Teams & Service Providers):
If you want to use ARGOS's remediation feature, then ARGOS also requires the appropriate "write" permissions to the Azure subscription.
ARGOS requires an AWS IAM Role to be created in every AWS account you want ARGOS to monitor.
Follow these steps here to create a role:
In your "My Account" page you can find all required information to create the roles, including the ARGOS AWS Account ID and ExternalId for the IAM role's trust policy. The process behind these information is described in this AWS article.
The role requires access to at least the following IAM policies:
Alternatively, check out the link here to find a very specific IAM policy already prepared for you with precisely the permissions required.
If remediation is used from within ARGOS then the IAM role needs access to make required changes. The policies in this case depend on the services being remediated.
In your "My Account" page you can now add an AWS account specifying the following information.
ARGOS requires a GCP Service Account to authenticate against an organisation's GCP projects.
Please follow these simple steps to create a GCP Service Account:
ARGOS will ask you to upload the Service Account key file that you can download following this process:
At a minimum ARGOS requires the Cloud Asset Viewer and Security Center Service Agent (Project) roles in order to execute the real time inventory and security scanning.
These permissions can be assigned at the Project and / or Folder level.
If you want to use ARGOS's remediation feature we will require you to grant ARGOS the appropriate "write" permissions.
In your "My Account" page you can now add the GCP Projects specifying above information.
When signing up to ARGOS customers have the choice of regions they want to have their data stored.
Currently ARGOS supports the following regions:
ARGOS encrypts sensitive data like the Azure, AWS or GCP credentials with AES-256 GCM in our database.
ARGOS does not store any customer passwords as every customer tenant is automatically enabled for SSO (Single Sign On).
ARGOS does not store any application or user data from within your cloud environment.
ARGOS stores data of the following types:
ARGOS does not read any files or access any application data in your environment.
ARGOS does not store any Personal Identifiable Information (PII) nor credit card information.
Customer data is automatically marked for deletion 30 days after the end of the subscription.
You are in complete control over the data in your ARGOS tenant.
If you decide to click "remove data" for certain scanned cloud environments then we will follow that wish right away and delete the data from all systems.
Otherwise, the data will be retained as long as you have an active ARGOS subscription. After which we delete data within 30 days.
ARGOS can send notifications of new detections into a customer-owned Slack channel.
All we require a webhook to this channel. A Slack incoming webhook can be created by clicking the "Add to Slack" button on https://app.argos-security.io/account/notifications
ARGOS can send notifications of new detections into a customer-owned Teams channel.
All we require is the webhook URI to this channel. A Teams incoming webhook can be created by following this process here.
Add the webhook URI to the "Notifications" tab on https://app.argos-security.io/account/notifications .
ARGOS can easily create Jira tickets in order to assign detections to the right members of your team.
Once configured, a new button will appear when browsing to any detection. Test it out by browsing to https://app.argos-security.io/detections and select any detection. You will now see the "Export to Jira" button.
ARGOS can easily create Service Now tickets in order to assign detections to the right members of your team.
Once configured, a new button will appear when browsing to any detection. Test it out by browsing to https://app.argos-security.io/detections and select any detection. You will now see the "Export to Service Now" button.
ARGOS can send data about detections to your Microsoft Sentinel workspace.
In order to configure this integration follow these simple steps:
New detections will automatically be sent to Sentinel and can be queried from the "ARGOS_CL" table.