07-22-2019 02:41 AM - last edited on 09-02-2020 10:17 AM by kwadsack
I am curious to know the frequency at which redlock scans /make api calls to cloud accounts, I undersatnd once policy is created and alert rule is configured & also wanted to know if there is any feature in redlock to capture the exact details api calls made. However I have been configured redlock service with my multiple AWS accounts and I also see the billing for my account are higher than expected.I need this information for cost optimizatoin in aws accounts as i could see thousand of redlock api calls in the aws account that has been onboarded on redlock.
It would be great help if anyone can provide information related my above query. Thanks in advance.
Awaiting your response !
07-22-2019 08:18 AM
It depends on the data source (configuration metadata, events or flow logs). For configuration metadata, we pull the data about every 45 minutes but this can vary depending on number of objects, rate limits imposed by the cloud service providers and latency. When an account is first onboarded, you will see a large amount of API calls since this is the first time we have seen any of the data so we pull more. As time goes on, we pull less since we have an established pattern of data to work from (there are some caveats here).
Hope that answered the question!
07-22-2019 02:44 AM
Very good question sagar. Even i am also facing same type of issue(thousands of redlock api calls in aws accounts). It would be great help if anyone provide info related to query
07-22-2019 08:18 AM
It depends on the data source (configuration metadata, events or flow logs). For configuration metadata, we pull the data about every 45 minutes but this can vary depending on number of objects, rate limits imposed by the cloud service providers and latency. When an account is first onboarded, you will see a large amount of API calls since this is the first time we have seen any of the data so we pull more. As time goes on, we pull less since we have an established pattern of data to work from (there are some caveats here).
Hope that answered the question!
07-22-2019 08:58 AM
@ebeuerlein Thank you so much for your response !
Just a quick check, would that be possible to share a rough estimation on an basis how much is charged on an account level when ever redlock makes a scan to identify the vulnarabilities/violated resources.
As confirmed by you, I believe every 45 minutes it does a scan on an average. So just wanted to understand.
Awaiting your response.
07-22-2019 09:31 AM
Unfortunately no, it's highly dependent on number of resources scanned, which can change based on permissions granted, how active the account is, etc.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
