Example Request
This example request includes usage of the following Chef products (select one
or more):
Problem Statement
Currently, if using Automate to perform ad-hoc scans, you must allow network access to the target ip's directly. This means allowing port 22 for Linux, and 5985/5986 for WinRM, which is ok when Automate is behind the DMZ, however, when Automate is used aaS, then it will be reaching out to targets from a public IP. If you could use a bastion to act as an in-between for these scans, then it would help to limit the exposure of sensitive ports.
External References
Additional Notes
N/A
Example Request
This example request includes usage of the following Chef products (select one
or more):
Problem Statement
Currently, if using Automate to perform ad-hoc scans, you must allow network access to the target ip's directly. This means allowing port 22 for Linux, and 5985/5986 for WinRM, which is ok when Automate is behind the DMZ, however, when Automate is used aaS, then it will be reaching out to targets from a public IP. If you could use a bastion to act as an in-between for these scans, then it would help to limit the exposure of sensitive ports.
External References
Additional Notes
N/A