Frequently Asked Questions

Sign Up

How do I sign up to ARGOS?


Signing up to ARGOS is done in three simple steps. - Browse to https://app.argos-security.io - Add your details - Click sign-up




What requirements are there for a user to log in?


The following identities are supported by ARGOS:

  • Azure Active Directory
  • Google
  • Amazon
ARGOS users must log in with valid email addresses.





Advanced Scenarios

Azure Key Vaults - Ensure that the expiration date is set on all keys


Keys are data stored inside of Key Vaults and in order to read keys the SPN you created for ARGOS needs to be granted an Access Policy to "Get" and "List" keys on each Key Vault that needs to be monitored. Follow this guide. Without those permissions set ARGOS will not be able to execute this rule.




Azure Key Vaults - Ensure that the expiration date is set on all secrets


Secrets are data stored inside of Key Vaults and in order to read secrets the SPN you created for ARGOS needs to be granted an Access Policy to "Get" and "List" secrets on each Key Vault that needs to be monitored. Follow this guide. Without those permissions set ARGOS will not be able to execute this rule.




Our Azure Storage Accounts are all configured with Firewall settings. Can we still use ARGOS to monitor them?


Yes, you can. This requires some configuration on the Storage Accounts to whitelist the ARGOS service IP on the Storage Accounts. Follow the documentation here and contact our support team to learn about our internet IP.





Onboarding Cloud Environments

Add Azure to ARGOS


ARGOS requires an Azure AD application to authenticate to a customer's Azure cloud. You can create one in a few simple steps:

Once that is created ARGOS requires at least Reader permissions to each Azure subscription you want to monitor. Follow these steps to assign Reader permissions to the Azure AD application from above: If you want to use ARGOS's remediation feature, then ARGOS also requires the appropriate "write" permissions to the Azure subscription.




Add AWS to ARGOS


ARGOS requires an AWS IAM user to authenticate against an organisation's AWS account. Please follow these simple steps to create an AWS IAM user and access keys:

At a minimum ARGOS requires the ViewOnlyAccess policy to monitor an AWS account. If you want to use ARGOS's remediation feature we will require you to grant ARGOS the appropriate "write" permissions. In your "My Account" page you can now add an AWS account specifying above information.





Deployment

What do I have to deploy to use ARGOS?


Almost nothing. You'll only have to add an Azure Service Principal / Azure AD App Registration (for Azure) or your AWS IAM credentials (for AWS) to ARGOS. That's it. You do not need to deploy any infrastructure into your cloud environment to get the full benefits of running ARGOS.




How much does it cost me to run ARGOS?


Besides the subscription cost there is no other cost associated with ARGOS. Note: Using ARGOS to remediate rule violations may have effects on resource cost.





Data

Where does ARGOS store its data?


The metadata about rule detections is stored in a secured database located in Australia.




Is our data secure?


ARGOS encrypts sensitive data like the Azure or AWS credentials with AES-256 GCM in our database.




What data does ARGOS store?


ARGOS does not store any actual data about your environment apart from metadata like cloud resource IDs. We will never read any files or access any application data in your environment. ARGOS does not store any Personal Identifiable Information (PII) nor credit card information. For more information read our Privacy Policy




What happens to our data after we cancel our subscription?


Customer data is automatically marked for deletion 30 days after the end of the subscription.





Working with ARGOS

Can we ignore resources?


Yes, ARGOS automatically ignores cloud resources with the following tag: `argos-ignore = true` Learn more about how to tag resources:




Can we ignore a detection?


Yes, specific detections can be ignored by an ARGOS user if they are expected on a resource. Simply find the rule violation in question and click the "ignore" button. A user can easily revert this by finding the ignored resource and selecting "unignore" at which point the resource will again be included in graphs and scoring.






Ready for your demo?

Please leave your details and we will be in touch soon.