What is frequency at which redlock scans cloud accounts ?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

What is frequency at which redlock scans cloud accounts ?

L0 Member

I am curious to know the frequency at which redlock scans /make api calls to cloud accounts, I undersatnd once policy is created and alert rule is configured & also wanted to know if there is any feature in redlock to capture the exact details api calls made. However I have been configured redlock service with my multiple AWS accounts and I also see the billing for my account are higher than expected.I need this information for cost optimizatoin in aws accounts as i could see thousand of redlock api calls in the aws account  that has been onboarded on redlock.

 

It would be great help if anyone can provide information related my above query. Thanks in advance.

 

Awaiting your response !

1 accepted solution

Accepted Solutions

L3 Networker

It depends on the data source (configuration metadata, events or flow logs).  For configuration metadata, we pull the data about every 45 minutes but this can vary depending on number of objects, rate limits imposed by the cloud service providers and latency.  When an account is first onboarded, you will see a large amount of API calls since this is the first time we have seen any of the data so we pull more.  As time goes on, we pull less since we have an established pattern of data to work from (there are some caveats here).

 

Hope that answered the question!

 

 

View solution in original post

4 REPLIES 4

L1 Bithead

Very good question sagar. Even i am also facing same type of issue(thousands of redlock api calls in aws accounts). It would be great help if anyone provide info related to query

L3 Networker

It depends on the data source (configuration metadata, events or flow logs).  For configuration metadata, we pull the data about every 45 minutes but this can vary depending on number of objects, rate limits imposed by the cloud service providers and latency.  When an account is first onboarded, you will see a large amount of API calls since this is the first time we have seen any of the data so we pull more.  As time goes on, we pull less since we have an established pattern of data to work from (there are some caveats here).

 

Hope that answered the question!

 

 

@ebeuerlein Thank you so much for your response !

 

Just a quick check, would that be possible to share a rough estimation on an basis how much is charged on an account level when ever redlock makes a scan to identify the vulnarabilities/violated resources.

As confirmed by you, I believe every 45 minutes it does a scan on an average. So just wanted to understand.

 

Awaiting your response.

Unfortunately no, it's highly dependent on number of resources scanned, which can change based on permissions granted, how active the account is, etc.

  • 1 accepted solution
  • 6275 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!