Viewing Compliance Checks
Kion comes pre-loaded with many compliance checks to get you started. To view these compliance checks, as well as any other checks that you have created or have permission to view:
- In the left navigation menu, click Compliance > All Compliance Checks.
- You will see a list of all the compliance checks you have permission to view.
Use the filters and tools on this page to narrow results and navigate. Options include:
- Filter content using the dropdown menu(s) or filter icon on the top left.
- Search by keyword using the magnifying glass icon on the top left.
- Navigate the pages of results with the arrow buttons on the top right.
- Click Add New on the top right to add a new object.
- Click Resume Suspended on the top right to resume all suspended checks at once (see the "Ellipsis Menu" section below for more information about suspended checks).
Ellipsis Menu
Click the ellipsis menu on the right of a compliance check to:
- Resume - checks that fail three times due to an error with configuration or Cloud Custodian will be marked Suspended. The Resume menu option will reset the suspended status and resume scanning for this check.
- Rescan - run the check again on demand.
- View findings - view a list of findings for this check.
- Edit check - edit the check. You can update the frequency and regions of compliance checks managed by Kion for more flexibility.
- Clone - create a new check using the current one as a template.
- Delete - delete the check.
- View check details page - view the details page for the check.
The findings badges on this page are color coded to indicate the level of severity for the compliance check (which is also shown in the Severity column). The colors represent the following:
- Gray: no findings. The check is compliant.
- Maroon: non-compliant check with critical severity.
- Red: non-compliant check with high severity.
- Orange: non-compliant check with medium severity.
- Yellow: non-compliant check with low severity.
- Blue: non-compliant check with informational severity.
- Slate: suppressed findings.
- White (n/a): inactive. The check has not yet been applied to any standards, so it is not scanning for findings.
Since this page reflects findings by compliance check and severity is set at the check level, the numbers on the findings badges reflect the total number of findings at that severity level.
You can click on the findings badges to see a list of the findings.
You can click on the check name to visit the detail page for the check.
Compliance Check Details: Overview Tab
Click the name of the compliance check or View details page on the ellipsis menu to view its details page, including a tab menu for the check. A More tab will display when there are more tabs than the screen can accommodate; you can click More to review the remaining menu options.
The Overview tab shows by default, which provides the following information:
Compliance Check Name and Status
- The name of the compliance check is featured at the top of the screen.
- A status badge will display if applicable. The Inactive badge will display if the compliance check has not yet been applied to any compliance standards. The Suspended badge will display if the check has failed three times due to an error with configuration or Cloud Custodian.
Compliance Check Details
- Severity - the check severity (Critical, High, Medium, Low, or Informational).
- Created - date when the check was added to Kion.
- Check Type - shows whether the check uses Cloud Custodian (built-in engine), an Azure policy, or an external engine.
- Cloud Provider - cloud provider associated with the check.
- Frequency - shows how often the compliance check runs.
- Auto Archived - shows whether auto-archiving of findings is turned on for this check. When auto-archive is turned on and a finding is remediated, it won't continue to show as an active finding, and will instead be archived automatically.
- Description - optional description of the check.
- View Policy link - click this link to expand the Policy section, which shows the policy code for the check.
Compliance Check Summary
- Findings - a visual indicator showing the number of active and suppressed findings. Click the View active or View all links to go to the Findings tab, which provides detailed information about these findings.
- Items with Active Findings - shows the number of projects with active findings. Click on View non-compliant projects to view the Projects tab with the Non-Compliant filter applied for a list of the projects with active findings.
The Overview tab also includes an activity feed for the compliance check, which shows the history of changes made to the check.
Compliance Check Details: Findings Tab
Click the Findings tab to view the information about the findings involving this check, including the check severity, the compliance standard name, the project name, the account name, the individual non-compliant resource, the region, and the date/time of the finding. Only active findings display by default; use the Archived and Suppressed tabs at the top of the screen to change the view to the pages for archived findings or suppressed findings. You can filter findings by standard name using the dropdown menu. Use the arrow buttons on the top right to navigate through the pages of results. You can click on the standard name, project name, or account name to visit the detail pages for those objects.
The ellipsis menu on the right of a finding will appear as a floating menu card, so you can use the menu without scrolling through all of the columns. Clicking the ellipsis menu gives you the option to:
- Cloud access - quickly access the cloud account where this finding occurred.
- Archive - archive the finding.
- Suppress - suppress the finding.
- View metadata - view metadata for the finding. The metadata field accepts JSON to allow you to send additional data not captured by Kion. For example, you can include resolution information for the finding as a URL. If this option is not displayed, there is no metadata.
Compliance Check Details: Compliance Standards Tab
Click the Compliance Standards tab to view information about the standards that include this check.
This section displays a list of all the compliance standards that apply to this object.
Standards can be filtered by Compliant and Non-compliant states using the dropdown menu on the top left. Use the arrow buttons on the top right to navigate through the pages of results.
You can also:
- Click on the standard name to visit the detail page for the standard.
- Click the findings badges to view the findings.
Click the ellipsis menu on the right of a standard to:
- Rescan all checks - run all checks in this standard again on demand.
- Edit standard - edit the standard.
The findings badges on this page are color coded to indicate the highest level of severity recorded for the compliance checks with active findings. The colors represent the following:
- Gray: no findings. All checks are compliant.
- Maroon: highest severity non-compliant checks are critical severity.
- Red: highest severity non-compliant checks are high severity.
- Orange: highest severity non-compliant checks are medium severity.
- Yellow: highest severity non-compliant checks are low severity.
- Blue: highest severity non-compliant checks are informational severity.
- Slate: suppressed findings.
Keep in mind that the color on the findings badge reflects the highest level severity recorded, not the count of findings at that severity level. For example, a red badge showing 62 means there are 62 active findings and at least one of the findings is high severity. It does NOT mean there are 62 findings of high severity.
You can click on the findings badges to see a list of the findings, including their severity information.
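The two badge rules described on this page (a per-check count at the check's own severity, and a per-standard badge colored by the highest severity present) can be reproduced over a list of findings to see what the standard-level number hides. This is an added example, not Kion code; the field names (`check`, `severity`, `state`), the check names, and the exclusion of archived findings from the active count are assumptions.

```python
from collections import Counter

# Severity order and badge colors as listed on this page, highest first.
SEVERITY_COLOR = [
    ("critical", "maroon"),
    ("high", "red"),
    ("medium", "orange"),
    ("low", "yellow"),
    ("informational", "blue"),
]

def standard_badge(findings):
    """Standard-level rule: color = highest severity among active findings,
    number = total active findings (not the count at that severity)."""
    active = [f for f in findings if f["state"] == "active"]
    by_severity = Counter(f["severity"] for f in active)
    color = next((c for s, c in SEVERITY_COLOR if by_severity[s]), "gray")
    return {
        "color": color,
        "active": len(active),
        # Suppressed findings are reported separately (slate badge).
        "suppressed": sum(1 for f in findings if f["state"] == "suppressed"),
        # The per-severity split that the single badge number does not show.
        "breakdown": {s: by_severity[s] for s, _ in SEVERITY_COLOR if by_severity[s]},
    }

def check_badges(findings):
    """Check-level rule: severity is set per check, so each check's badge
    number is a true count of active findings at that severity."""
    color = dict(SEVERITY_COLOR)
    counts = Counter((f["check"], f["severity"])
                     for f in findings if f["state"] == "active")
    return {check: (color[sev], n) for (check, sev), n in counts.items()}

# Constructed sample: one standard with 62 active findings across three
# hypothetical checks, plus suppressed and archived findings.
SAMPLE = (
    [{"check": "s3-public-read", "severity": "high", "state": "active"}] * 2
    + [{"check": "ebs-unencrypted", "severity": "medium", "state": "active"}] * 45
    + [{"check": "missing-tags", "severity": "low", "state": "active"}] * 15
    + [{"check": "missing-tags", "severity": "low", "state": "suppressed"}] * 4
    + [{"check": "s3-public-read", "severity": "high", "state": "archived"}] * 3
)

if __name__ == "__main__":
    print(standard_badge(SAMPLE))
    print(check_badges(SAMPLE))
```

On the sample, the standard-level badge is red with 62, while only 2 of those findings are high severity.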
Compliance Check Details: Projects Tab
Click the Projects tab to view information about the projects to which this check is applied, including the project name, the number of active and suppressed findings, and the date/time of the last scan. Projects can be filtered by Compliant and Non-compliant status using the dropdown menu on the top left. Use the arrow buttons on the top right to navigate through the pages of results. You can click on the project name to view the project's detail page.
Clicking the ellipsis menu on the right of a project gives you the option to:
- View findings - view findings for this project.
- View project details page - view the details page for the project.
Compliance Check Details: Accounts Tab
Click the Accounts tab to view the accounts where this check is applied, including the account name, account number, the number of active and suppressed findings, and the date/time of the last scan.
Clicking the ellipsis menu to the right of an account gives you the option to:
- Cloud Access - log in to the cloud console (if you have access to do so). Click this menu option, then click on the cloud access role you wish to use. You'll be taken directly to your console for AWS, Azure, or Google Cloud using the cloud access role you selected.
If the check is suspended/failing for any accounts due to errors, you'll see the region in which it suspended/failed (for one region) or the number of regions in which it suspended/failed (for multiple regions). You can click View Errors for more information on the regions and reasons for suspension/failure.