- Notifications
You must be signed in to change notification settings - Fork6.1k
Add agent & cloud hardening guides#20218
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
base:master
Are you sure you want to change the base?
Add agent & cloud hardening guides#20218
Uh oh!
There was an error while loading.Please reload this page.
Conversation
The guides are essentially correct but what I would say is that they lack some details. We talk about securing this or that but the instructions on how to exactly do that are not there - what I need to change in which file to make it happen. |
I think@kanelatechnical can't add more details. Can you,@M4itee?@kanelatechnical will update the wording later. |
@M4itee hey hey! If you like you could make a separate draft with relative notes, so I can integrate the missing info in the guides myself |
I will try, do we have any ETA on this? I need to arrange my working time accordingly |
According to Costa this is priority, if you're working on something else that's also urgent perhaps consult with him about which should come first |
| | [Netdata Cloud (SaaS)](https://app.netdata.cloud) and its web dashboard | ✓ | | ||
| | Cloud-to-Agent interactions (including Netdata Parents) | ✓ | | ||
| | Optional on-premises or private-hosted Netdata Cloud setups | ✓ | | ||
| | Netdata Agent security (covered in separate guide) | ✗ | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
We should link it when we will know what the link is going to be for agent hardening
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Of course this is a mockup
Uh oh!
There was an error while loading.Please reload this page.
| | **3. Role-Based Access Control (RBAC)** | Assign least-privilege roles to team members within Netdata Cloud Rooms. | **High** | | ||
| | **4. Cloud Configuration Management** | Review change history for dashboards, alerts, and spaces. | **Medium** | | ||
| | **5. Alert Notification Security** | Secure all alert endpoints and notification channels. | **High** | | ||
| | **6. External Access Protection** | Secure the Cloud UI with SSO, enforce session expiration policies. | **Critical** | |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The session expiration is something I have small issue with because cloud itself does not offer such setting. This needs to be fixed on SSO provider side.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
kanelatechnicalMay 7, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Let me know whether you think it's useful info for the hardening guide (I thought it was), I understand your pov but I think since this isn't the product page it's okay that it's there
Costa requested the creation of hardening guides — two separate docs: one for the agent and one for cloud-based deployments.
Please review and feel free to correct or expand on any technical details I may not have gotten right.
These docs are intended to live under the broader "Privacy and Security" category.