Overview
The EPAM Syndicate Rule Engine is a solution that allows checking and assessing virtual infrastructures in AWS, Microsoft Azure, GCP clouds, and Kubernetes clusters against legal, industry, corporate, and customer requirements, standards, and best practices rulesets. By default, the solution provides hundreds of security, compliance, utilization, and cost-effectiveness rules, which match world-known standards like GDPR, PCI DSS, CIS Benchmark, and more.
This allows an enterprise to be sure that the environments used for production or development purposes are compliant with the various rules. It also reduces challenges such as finding proper tools, performing checks in different directions, analyzing findings and reacting quickly, planning remediation, ensuring continuous compliance, and maintaining the cost-effectiveness and optimization of infrastructure.
For existing businesses, it helps with inventory and assessment of their legacy infrastructure and planned updates; for new businesses, it can help make sure their processes and infrastructure match standards and are effective and safe.
The core of the EPAM Syndicate Rule Engine is a mechanism that scans a specified account to find resources that are not compliant with the applied rule set. These scans include:
On-demand scan: A one-time or an irregular scan initiated by an operator or a 3rd party system at the moment considered proper by them. This can be used to perform an initial infrastructure assessment or check the readiness to pass a specific type of audit.
Scheduled scan: A regular scan performed according to a specific schedule. This can be used to ensure continuous compliance checks, for example, before or after regular product updates.
The result of a scan is a list of vulnerabilities and metadata of the scan that can be processed and analyzed by the customer to define remediation plans and priorities.
Highlights
- Customers can use a single tool across multiple clouds for infrastructure inventory, compliance, security, and FinOps best practices.
- EPAM Syndicate Rule Engine uses industry best practices across the most important security standards and compliance packs.
- Customers can configure scans for specific needs and selected standards and, based on the rules' performance, decide which to run.
Details
Typical total price
$0.068/hour
Pricing
- $0.00/month
Instance type | Product cost/hour | EC2 cost/hour | Total/hour |
---|---|---|---|
m6g.large | $0.00 | $0.077 | $0.077 |
m6g.xlarge | $0.00 | $0.154 | $0.154 |
c6g.large Recommended | $0.00 | $0.068 | $0.068 |
c6g.xlarge | $0.00 | $0.136 | $0.136 |
c6g.2xlarge | $0.00 | $0.272 | $0.272 |
c7g.xlarge | $0.00 | - | - |
c7g.medium | $0.00 | - | - |
m7g.large | $0.00 | - | - |
c6g.medium | $0.00 | - | - |
c7g.large | $0.00 | - | - |
Additional AWS infrastructure costs
Type | Cost |
---|---|
EBS General Purpose SSD (gp3) volumes | $0.08 per GB/month of provisioned storage |
Vendor refund policy
Subscription cancellation within 48 hours of purchase.
Delivery details
64-bit (Arm) Amazon Machine Image (AMI)
Amazon Machine Image (AMI)
An AMI is a virtual image that provides the information required to launch an instance. Amazon EC2 (Elastic Compute Cloud) instances are virtual servers on which you can run your applications and workloads, offering varying combinations of CPU, memory, storage, and networking resources. You can launch as many instances from as many different AMIs as you need.
Version release notes
- Added logic to sre-init that validates whether the installation is successful and outputs a message to the customer if there is an error.
- Improved sre-run so that it fails if any command in ami-initialize fails. It also outputs all logs to a log file.
Additional details
Usage instructions
When the AMI instance is running, you can log in using SSH and immediately use the Rule Engine. Log in using the command:

    ssh -i private-key.pem admin@domain.compute.amazonaws.com

Check the version of the Syndicate CLI:

    syndicate version

The syndicate tool is the main command-line interface (CLI) for interacting with the Rule Engine API and Modular Service API. The Rule Engine API allows you to execute scans and receive reports. The Modular Service API is an admin API that allows you to configure organizational entities such as Customers and Tenants. Use the following commands for each API:

    syndicate re       (Rule Engine API)
    syndicate admin    (Modular Service API)

Both APIs have authentication mechanisms and credentials to access them. These were set up for you during the initial setup, and their refresh tokens are updated automatically when the session ends. The syndicate tool also has its own authentication mechanism, and it may require you to log in occasionally. If a syndicate command indicates that the session has ended, use the following command:

    syndicate login

Note: Credentials are located in ~/.modular_cli/.

Initially, only the entity representing the AWS account where the instance is running is activated. Such entities are called Tenants. You can describe them using this command:

    syndicate re tenant describe

Note: The default tenant has the name CURRENT_ACCOUNT, which must be used to reference this entity.

When the instance starts, it requests a license and rule-sets from our License Manager. You can describe the license using this command:

    syndicate re license describe

To describe the rule-sets, use:

    syndicate re ruleset describe

If the instance has an Instance Role with access to this AWS Account, you can execute scans immediately without further configuration. Use this command:

    syndicate re job submit --tenant_name CURRENT_ACCOUNT --region eu-west-1 # or your desired region

The Rule Engine will use the rule-sets available under the license and credentials from the instance profile. To see the job's status, use:

    syndicate re job describe --limit 1

When the status is SUCCEEDED, you can request reports:

    syndicate re report digests jobs --job_id <job_id> --json
    syndicate re report resource latest --tenant_name CURRENT_ACCOUNT --json > data.json

Refer to the full documentation for further details.
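The submit, describe and report steps above can be chained into one unattended run. The following is an added example, not code from EPAM or this listing: the function names are hypothetical, and it assumes that `syndicate re job describe --limit 1` prints the most recently submitted job with the literal status word SUCCEEDED in its output, and that GNU find is available on the instance.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Function names are hypothetical.

# 0 if nothing under the CLI credential directory is accessible by group/other.
creds_private() {
  local dir="${1:-$HOME/.modular_cli}"
  [ -d "$dir" ] || return 2
  # GNU find: -perm /077 matches any group/other permission bit.
  [ -z "$(find "$dir" ! -type l -perm /077 -print -quit)" ]
}

# Submit a scan of the default tenant, poll the latest job, save the report.
# Assumption: `job describe --limit 1` prints the newest job and its output
# contains the literal status word SUCCEEDED.
# Returns 1 if submit failed, 3 on timeout, 4 if the report command failed.
scan_and_report() {
  local region="$1" out="$2" tries="${3:-60}" delay="${4:-30}" i=0
  syndicate re job submit --tenant_name CURRENT_ACCOUNT --region "$region" \
    || return 1
  while [ "$i" -lt "$tries" ]; do
    if syndicate re job describe --limit 1 | grep -q 'SUCCEEDED'; then
      # Findings describe the account's weak points: keep the file owner-only.
      ( umask 077
        syndicate re report resource latest \
          --tenant_name CURRENT_ACCOUNT --json > "$out" ) || return 4
      return 0
    fi
    sleep "$delay"
    i=$((i + 1))
  done
  return 3
}

# Run only when asked, e.g. from cron: ./scan.sh run eu-west-1 data.json
if [ "${1:-}" = run ]; then
  creds_private || { echo "tighten permissions on ~/.modular_cli" >&2; exit 2; }
  scan_and_report "$2" "$3"
fi
```

The non-zero return codes let a scheduler distinguish a scan that never reached SUCCEEDED from a failed submit or report request.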
Support
Vendor support
This version is provided free of charge under an Apache-2.0 license and relies on community-based assistance.
To deploy an enterprise-grade version with Professional Services included, the full ruleset library available, and expanded and unlimited scans, please check the EPAM Syndicate Rule Engine Professional offering.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.