Skip to content

FAQ

Frequently asked questions.

Direct answers to the most common questions from people arriving at WiserOps for the first time.

Setup and connection

  • How long does it take to connect my first cloud?

    Two minutes for setup (create account + run CloudFormation Quick-Create or upload a GCP Service Account). The scan itself takes a few minutes depending on account size.

  • Do I need to install any agent in my infra?

    No. WiserOps uses cross-account IAM Role (AWS) or Service Account (GCP) and reads everything via the provider's official API. Zero agents, zero sidecars, zero containers running in your infra on our behalf.

  • What if I have AWS Organizations with many accounts?

    You connect account by account (each one has its own Role). On Pro you run up to 3 accounts; Enterprise covers up to 10 accounts.

Security and credentials

  • Do you store my AWS key?

    No. WiserOps never receives an AWS key from you. The model is cross-account IAM Role: you create a Role in your account, authorize our account (833073837959) to assume it with a unique External ID, and we use STS.AssumeRole to get temporary credentials (15 min). The only thing we store is the Role ARN, which is a public reference, not a secret.

  • What about GCP? Do you store the Service Account key?

    Yes, but encrypted. The SA JSON file is encrypted at rest with Fernet + PBKDF2-SHA256 using 600,000 iterations and a per-credential salt. The decryption key is not stored alongside the data. We decrypt in memory only during a scan.

  • Can WiserOps modify my cloud?

    No. 100% read-only. The AWS managed policies we use (ReadOnlyAccess + Billing) have no write permission on any resource. In GCP we use the cloud-platform.read-only scope. The technical ability to modify simply doesn't exist.

  • How do I revoke access if I want to?

    AWS: delete the Role in IAM; our next AssumeRole fails and we lose access immediately. GCP: delete the Service Account or remove permissions. You don't need to open a ticket with us, revocation is unilateral.

What the product does

  • Which compliance frameworks do you map?

    Six: CIS AWS Foundations Benchmark v3.0, ISO 27001:2022, LGPD, NIST CSF 2.0, PCI-DSS v4.0 and SOC 2. HIPAA and GDPR are on the roadmap.

  • Do you do automatic remediation?

    No. WiserOps only reports and recommends. The decision to apply any change is yours. This is a deliberate product choice: critical environment, no automation running on customer accounts.

  • What is drift detection?

    On each scan we compare against the previous one and highlight what appeared, what's gone and what persists. It's how you know someone opened a public S3 bucket Tuesday night without having to audit manually every day.

Pricing and plans

  • Do I need a credit card to start?

    No. Free tier without card, without trial countdown. Use as long as you want on Free (1 account, Compute module only).

  • What's the difference between Starter and Pro?

    Starter (R$197) gives you 1 cloud account and all modules. Pro (R$497) gives you 3 accounts and vulnerability scanning. Both include weekly/daily scheduling.

  • Can I cancel anytime?

    Yes, no lock-in, no penalty. Cancellation is self-service from the dashboard.

Não respondemos sua dúvida? · [email protected]