What is a Finding?


A compliance finding identifies a cloud resource that is non-compliant with an assigned compliance check. There are a few different types of findings:

  • Active Findings. Active findings identify cloud resources that are non-compliant and on which no action has yet been taken to bring them into compliance.
  • Suppressed Findings. Suppressed findings are excluded from future scans. For example, you may have a check that looks for public S3 buckets, but you might suppress findings for a specific bucket because it contains data that is designed for public consumption.
  • Archived Findings. Archived findings have been acknowledged and marked as remediated.

Compliance in Kion is made up of three pieces: compliance findings, compliance checks, and compliance standards.

  • Findings identify specific resources that are not compliant. Findings cannot exist without checks, because checks define what is and isn't compliant. A check asks whether a resource is compliant, and a finding is the answer to that question.
  • Checks contain definitions for compliance that findings are based on.
  • Standards group together related checks to meet larger compliance goals, guidelines, or requirements.
