What is a Compliance Check?



A compliance check is an item in Kion that analyzes a cloud resource to see whether it matches an undesirable configuration. You would typically use these checks to find resources with insecure configurations. For example, a check could look for an S3 bucket that is configured as publicly accessible.

There are different types of checks available: 

  • Cloud Custodian: Kion includes the open-source Cloud Custodian rules engine, which allows you to write and run YAML policies against your cloud resources, such as EC2 instances, VPCs, and root users.
  • Azure Policy Check: You can add Azure policy definitions to Kion, with JSON policy code specifically configured to check for compliance in your Azure resources.
  • External: Kion also supports ingesting data from external tools, so compliance checks serve as metadata for those external checks as well.
  • Tenable.sc Integration: A compliance check that is used by the Tenable.sc middleware. These compliance checks are created automatically based on the filters that you set.

To get you started, there are 75 Cloud Custodian compliance checks available in your environment.
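As an illustration of the publicly accessible S3 bucket case mentioned above, here is what such a check can look like as a Cloud Custodian policy file. This is an added example, not one of the checks shipped with Kion; the policy names and descriptions are made up, and it assumes the standard Cloud Custodian policy file layout rather than any Kion-specific input format.

```yaml
policies:
  # Matches buckets whose S3 Block Public Access configuration is
  # incomplete. With no parameters, check-public-block matches when any
  # of the four settings (BlockPublicAcls, IgnorePublicAcls,
  # BlockPublicPolicy, RestrictPublicBuckets) is unset or false.
  - name: s3-public-access-block-incomplete   # hypothetical name
    resource: aws.s3
    description: >
      S3 bucket does not have every Block Public Access setting enabled.
    filters:
      - type: check-public-block

  # Matches buckets whose ACL grants permissions to the global
  # AllUsers or AuthenticatedUsers groups. allow_website: false means
  # buckets configured for static website hosting are not exempted
  # from the read-access check.
  - name: s3-acl-global-grants                # hypothetical name
    resource: aws.s3
    description: >
      S3 bucket ACL grants access to all users or all authenticated
      AWS users.
    filters:
      - type: global-grants
        allow_website: false
```

Neither policy defines an `actions` block, so each one only reports the matching buckets and changes nothing.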

Compliance checks are applied through compliance standards. To create a compliance check, read Add a Compliance Check. To add compliance checks to compliance standards, read Add a Compliance Standard.

You can also learn more about how to write compliance policies in the Writing Cloud Custodian Compliance Policies and Writing Azure Policies for Compliance articles.

