Understanding Clarity Views
Security groups view
Security Groups view displays the security group configuration in a visual manner and is interactive in nature.
This view can only be applied to AWS accounts.
Clarity will visualize the selected VPC, and display the traffic sources, permitted traffic paths, security groups, and the degree each security group has exposure to the Internet.
Context and additional information is displayed by clicking on any object, and is displayed in the pane on the right.
For traffic sources, individual IPs or ranges, traffic target information is displayed.
For Dome9 IP list objects, list contents and traffic target information is displayed:
For security groups: Information displayed for any given security group includes instance assignments, rule sets (that match the color-coding of the Clarity legend indicating exposure to the Internet), Permitted traffic sources and traffic targets.
If the Security group is managed via Dome9 you can open the referenced Security Group on the Dome9 UI.
Effective Policy Grouping
Effective Policy grouping groups Security Groups with common policies.
This is a view without grouping:
Applying Effective Policy grouping, the view appears like this:
CloudGuard Dome9 will visualize 'common policy groups'. These are groupings of security groups that apply to one or more instances. That is, which security groups, in combination with others, make up the effective policy for any given instance.
In contrast to the Security Groups view, if security groups are not assigned to any instances, they will not be displayed in the Effective Policy view.
This view shows your cloud assets, such as instances and database servers, and the connections between them. Each node in this view shows an asset. They are grouped logically, according to exposure to the internet, and their interconnections are shown.
This view can be selected for all cloud providers.
You can apply the Effective Policy Grouping, to group assets that are affected by common security groups.