Add a Compliance Check
A compliance check performs an analysis on a cloud resource to see if it matches an undesirable configuration.
You can create a new check using an existing one as a template by cloning a check. To clone a check, navigate to All Compliance Checks, click the ellipsis menu next to the check you want to clone, and select Clone.
To add a new compliance check:
- Navigate to Compliance > All Compliance Checks.
- Click Add New.
- Enter a name for the compliance check.
- (Optional) Enter a Description. We suggest including information about the purpose of the check.
- Select the Check Severity. Checks can be marked as Critical, High, Medium, Low, or Informational. Check severity can be used to filter compliance findings and is used to calculate your compliance score. For more information, see Compliance Score.
- Select a Cloud Provider. This check can be applied to resources from the selected cloud provider.
- Select at least one user or user group as the owner.
- Select whether you want findings to be auto-archived after remediation action is taken.
- Select a Compliance Check Type from the dropdown menu.
- Cloud Custodian. Kion includes the open-source Cloud Custodian rules engine, which allows you to easily write and run YAML policies against your cloud resources.
- Azure Policy Check. You can add Azure policy definitions to Kion to check for compliance in your Azure resources.
- External. Kion also supports ingesting data from external tools. Compliance checks serve as metadata for those external checks as well.
We recommend selecting a frequency that reflects the severity of the check. For example, critical checks that would require immediate action, such as unauthorized security group configuration changes, should be run frequently (every 5 minutes).
- Most checks, such as checking for the presence of unauthorized EC2 instances and AWS Lambda functions, should look in all regions.
- Checks that are global in scope, such as IAM policies, should look in specific regions. Running global checks in multiple regions returns results per region, potentially producing duplicate findings.
Compliance checks are applied to resources by compliance standards.