Getting started with Steampipe on Zercurity

Zercurity
3 min read · Aug 16, 2022

We’re excited to announce that Zercurity has added support for Steampipe. Steampipe lets you query all the major cloud providers and SaaS providers via SQL. Just like with Osquery, Zercurity is using Steampipe to give you visibility across your cloud and SaaS products. Zercurity has also added Steampipe as an additional plugin to our compliance framework builder, which enables you to construct and validate cloud or SaaS configurations on a continual basis.

Getting started

You can now add integrations via the asset enrollment pane or under the settings pane within Zercurity. From the drop-down menu you can choose your integration. In this example we’re going to connect directly to AWS.

Adding AWS as an integration in Zercurity

To get the required API credentials, head on over to the AWS Identity and Access Management (IAM) console and select Users, Add User. The AWS credential type you’re after is Access key — Programmatic access.

On the Set permissions page, find and select ReadOnlyAccess from the existing AWS managed policies. This will let Steampipe freely query all the available and future virtual tables as a read-only user. You can of course restrict the IAM user permissions down to S3 or any other AWS services.

AWS ReadOnlyAccess policy

Once finished, you’ll be given your AWS access id and key. These need to be copied into the integration window along with the regions that are currently in use, as these will be automatically selected for each query.

Zercurity integrations pane

Once completed, Zercurity will test the AWS credentials and you’ll see the new integration listed. Any errors will be highlighted in orange below the added integration.

Steampipe workbench

Let’s put this all to use. You can run ad-hoc queries via the Zercurity workbench. Let’s see it in action:

Zercurity Steampipe ad-hoc query builder

Steampipe compliance frameworks

Just like with the existing compliance frameworks that make use of Osquery, you can now run queries directly against your Steampipe integrations and ensure the configuration and state are compliant on a continual basis.

From the screenshot below you can see that, using the Steampipe plugin, we can check to ensure that all S3 buckets are encrypted at rest. The query can also be run directly via the Zercurity Workbench to see the expected results.

Zercurity Steampipe compliance framework

For the given query we can also see the failing test result and the resulting AWS S3 buckets that are in a state of non-compliance. Once fixed, the compliance rule will be marked as passing.

Failing S3 bucket compliance rule
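As an added example (not the rule shown in the Zercurity screenshots), this is one way to write the S3 encryption-at-rest check as a Steampipe query. It assumes the Steampipe AWS plugin's `aws_s3_bucket` table and its `server_side_encryption_configuration` column; the `pass`/`fail` status column and the other output column names are illustrative choices, not a format the page specifies.

```sql
-- Added example: report the default encryption state of every S3 bucket.
-- Assumes the Steampipe AWS plugin (table aws_s3_bucket); output column
-- names such as "status" and "sse_algorithms" are illustrative.
with bucket_sse as (
  select
    b.name,
    b.region,
    b.account_id,
    -- One row per default-encryption rule; NULL when the bucket has none.
    rule -> 'ApplyServerSideEncryptionByDefault' ->> 'SSEAlgorithm'   as sse_algorithm,
    rule -> 'ApplyServerSideEncryptionByDefault' ->> 'KMSMasterKeyID' as kms_key_id
  from
    aws_s3_bucket as b
    left join lateral jsonb_array_elements(
      -- Guard against a missing or non-array "Rules" value so the
      -- unnest never errors and unencrypted buckets are still listed.
      case
        when jsonb_typeof(b.server_side_encryption_configuration -> 'Rules') = 'array'
          then b.server_side_encryption_configuration -> 'Rules'
        else '[]'::jsonb
      end
    ) as rule on true
)
select
  name,
  region,
  account_id,
  coalesce(string_agg(distinct sse_algorithm, ','), 'none') as sse_algorithms,
  bool_or(kms_key_id is not null)                           as uses_kms_key,
  case
    when count(sse_algorithm) > 0 then 'pass'  -- at least one default SSE rule
    else 'fail'                                -- no encryption at rest configured
  end                                                       as status
from
  bucket_sse
group by
  name, region, account_id
order by
  status, name;  -- failing buckets sort first
```

Adding `having count(sse_algorithm) = 0` after the `group by` clause narrows the output to the non-compliant buckets only.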

Automation can also be added using the Zercurity workflows to automate or remediate failing Steampipe rules.

It’s all over!

We hope you found this helpful. Please feel free to get in touch if you have any questions.


Written by Zercurity
