AWS CSPM FSP Lambda Extension
Solution
AWS Lambda Extensions are a new way to integrate Check Point Function Self-Protection (FSP) into your account.

Check Point Lambda Extension allows customers that already use CloudGuard Serverless Protection with Layers to take advantage of the newly released Lambda extensions for their layers. 

The solution below describes how to deploy Check Point’s Lambda Extension to provide FSP as a Lambda Layer.

Overview

This document describes how to set up FSP using Lambda extensions. FSP logging is handled by the extension. Check Point created a custom nodejs12 runtime to handle the runtime side, so the function must be created with nodejs12.

Creating a Node Lambda Handler

Create a Node.js file containing a Lambda handler and package it into a ZIP file; this is your function ZIP. For example, create the runtime.js file and add the Lambda handler function to it. The Lambda handler looks like this:

exports.handler = async (event) => {
  // TODO: implement
  console.log("Received event is " + JSON.stringify(event));
  const response = {
    statusCode: 200,
    body: JSON.stringify('Hello from Lambda!'),
  };
  return response;
};

Creating a Custom Runtime

In the AWS CLI, create the lambda function:

aws lambda create-function --function-name "" \
  --zip-file fileb://function.zip \
  --handler "" \
  --runtime nodejs12.x \
  --timeout 300 \
  --region "" \
  --role "" \
  --layers "" ""

fsp layer -> "arn:aws:lambda:us-east-1:151144281378:layer:fsp-layer:1"
extension (logger) -> "arn:aws:lambda:us-east-1:151144281378:layer:lambda-extension-logger-layer:2"

where:
  • the fsp layer contains the FSP agent
  • the custom runtime layer contains the custom Node.js runtime
  • the extension layer contains the FSP logger
 

Adding Environment Variables

To add the FSP agent to the function, you need to add the "NODE_OPTIONS" environment variable to the function. Set "NODE_OPTIONS" to "--require @protego/protego-node-agent" in the Environment variables.

Running Lambda Function

Currently, Check Point only supports security events from IO. Behavioral analysis is not supported in this phase. 

The ProtegoReport is generated by the extension process and written to the function's log output.

Report example:
[extension] {
  "protegoReport": {
    "fspVersion": "1.5.18",
    "functionId": "arn:aws:lambda:us-east-1::function:lambda-extensions-test:$LATEST",
    "functionName": "lambda-extensions-test",
    "io": [
      {
        "count": 1,
        "injType": "sec_event_xss",
        "match": "",
        "patternId": "",
        "processCallStackInfo": "main:11",
        "type": "alert"
      }
    ],
    "reportVersion": "2.0",
    "requestId": "",
    "sourceIp": "",
    "transmitTs": "2020-09-09T13:19:25Z"
  }
}
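As an added example that is not part of this article or of Check Point's code, the following Node.js snippet parses the "[extension]" report lines the logger extension emits (as they would appear in the function's CloudWatch log stream) and tallies the "io" alerts per function and injection type, skipping truncated or non-report lines. The log lines it runs on are constructed from the report format shown above.

```javascript
// Added example (not Check Point code): tally FSP "io" alerts from the
// "[extension] {...}" lines that the logger extension writes to the log.
const EXTENSION_PREFIX = "[extension] ";

// Return the protegoReport objects found in an array of raw log lines.
// Lines without the prefix or with unparsable JSON are skipped, not fatal.
function parseExtensionReports(lines) {
  const reports = [];
  for (const line of lines) {
    if (!line.startsWith(EXTENSION_PREFIX)) continue;
    let parsed;
    try {
      parsed = JSON.parse(line.slice(EXTENSION_PREFIX.length));
    } catch (e) {
      continue; // truncated or otherwise non-JSON extension output
    }
    if (parsed && typeof parsed.protegoReport === "object" && parsed.protegoReport !== null) {
      reports.push(parsed.protegoReport);
    }
  }
  return reports;
}

// Tally "alert" entries as { functionName: { injType: totalCount } }.
function summarizeIoEvents(reports) {
  const summary = {};
  for (const r of reports) {
    const fn = r.functionName || "unknown";
    for (const ev of Array.isArray(r.io) ? r.io : []) {
      if (ev.type !== "alert") continue;
      summary[fn] = summary[fn] || {};
      summary[fn][ev.injType] = (summary[fn][ev.injType] || 0) + (Number(ev.count) || 0);
    }
  }
  return summary;
}

// Constructed sample log: the article's report, a report with no events,
// a truncated report line, and ordinary Lambda START/END lines.
const SAMPLE_LOG_LINES = [
  "START RequestId: 00000000-0000-0000-0000-000000000000 Version: $LATEST",
  '[extension] {"protegoReport":{"fspVersion":"1.5.18","functionId":"arn:aws:lambda:us-east-1::function:lambda-extensions-test:$LATEST","functionName":"lambda-extensions-test","io":[{"count":1,"injType":"sec_event_xss","match":"","patternId":"","processCallStackInfo":"main:11","type":"alert"}],"reportVersion":"2.0","requestId":"","sourceIp":"","transmitTs":"2020-09-09T13:19:25Z"}}',
  '[extension] {"protegoReport":{"fspVersion":"1.5.18","functionName":"lambda-extensions-test","io":[],"reportVersion":"2.0","transmitTs":"2020-09-09T13:19:26Z"}}',
  '[extension] {"protegoReport":{"fspVersion":"1.5.18","functionName":"lambda-ext',
  "END RequestId: 00000000-0000-0000-0000-000000000000",
];

function runSample() {
  return summarizeIoEvents(parseExtensionReports(SAMPLE_LOG_LINES));
}

console.log(JSON.stringify(runSample())); // {"lambda-extensions-test":{"sec_event_xss":1}}
```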
 
For advanced scenarios beyond the solution described in this article, reach out to your AWS Solutions Architect/Partner Team, your Check Point Account Team, and/or check the Check Point Support Center.

To get support with an existing Check Point Lambda Extension Deployment, open a Service Request on Checkpoint.com.
