Viewing Compliance Checks

Compliance > All Compliance Checks

A compliance check performs an analysis on a cloud resource to see if it matches an undesirable configuration. You would typically use these checks to find resources with insecure configurations. For example, you could have a check for whether an S3 bucket is configured as publicly accessible. For more information, see What is a Compliance Check?

On the Compliance Checks page, you can see all the compliance checks you have permission to view. Next to each check, you can see a count of its active and suppressed findings. Click on the findings badges to see a list of the findings. For more information, see What is a Finding?

Next to each check, there is also an ellipsis menu with available actions.

  • Rescan. Immediately run the check again.
  • View findings. Review specific compliance findings for the check. For more information, see Viewing Compliance Checks.
  • Edit check. Edit the check. For more information, see Edit a Compliance Check.
  • Clone. Create a new check using the current one as a template.
  • Delete. Delete the check.
  • View check details page. Go to the check's details page for information including the check details, activity feed, findings, standards it is a part of, and projects and accounts where it is applied.
  • Resume. If a check has been suspended, it means the check has failed multiple times and is no longer being scanned. Selecting Resume removes the suspended status, so that the check will resume scans.

Compliance Check Details: Overview Tab

Click the name of the compliance check or View details page on the ellipsis menu to view its details page, including a tab menu for the check. A More tab will display when there are more tabs than the screen can accommodate; you can click More to review the remaining menu options.

The Overview tab is shown by default and provides the following information:

Compliance Check Name and Status

  • The name of the compliance check is featured at the top of the screen.
  • A status badge will display if applicable. The Inactive badge will display if the compliance check has not yet been applied to any compliance standards. The Suspended badge will display if the check has failed three times due to an error with configuration or Cloud Custodian.

Compliance Check Details

  • Severity - the check severity (Critical, High, Medium, Low, or Informational).
  • Created - date when the check was added to Kion.
  • Check Type - shows whether the check uses Cloud Custodian (built-in engine), an Azure policy, or an external engine.
  • Cloud Provider - cloud provider associated with the check.
  • Frequency - shows how often the compliance check runs.
  • Auto Archived - shows whether auto-archiving of findings is turned on for this check. When auto-archive is turned on and a finding is remediated, it won't continue to show as an active finding, and will instead be archived automatically.
  • Description - optional description of the check.
  • View Policy link - click this link to expand the Policy section, which shows the policy code for the check.

Compliance Check Summary

  • Findings - a visual indicator showing the number of active and suppressed findings. Click the View active or View all links to go to the Findings tab, which provides detailed information about these findings.
  • Items with Active Findings - shows the number of projects with active findings. Click on View non-compliant projects to view the Projects tab with the Non-Compliant filter applied for a list of the projects with active findings.

Activity Feed

The activity feed for the compliance check shows the history of changes made to the check.

Compliance Check Details: Findings Tab

Click the Findings tab to view the information about the findings involving this check, including the check severity, the compliance standard name, the project name, the account name, the individual non-compliant resource, the region, and the date/time of the finding. Only active findings display by default; use the Archived and Suppressed tabs at the top of the screen to change the view to the pages for archived findings or suppressed findings. You can filter findings by standard name using the dropdown menu. Use the arrow buttons on the top right to navigate through the pages of results. You can click on the standard name, project name, or account name to visit the detail pages for those objects.

The ellipsis menu on the right of a finding will appear as a floating menu card, so you can use the menu without scrolling through all of the columns. Clicking the ellipsis menu gives you the option to:

  • Cloud access - quickly access the cloud account where this finding occurred.
  • Archive - archive the finding.
  • Suppress - suppress the finding.
  • View metadata - view metadata for the finding. The metadata field accepts JSON to allow you to send additional data not captured by Kion. For example, you can include resolution information for the finding as a URL. If this option is not displayed, there is no metadata.

Compliance Check Details: Compliance Standards Tab

Click the Compliance Standards tab to view information about the standards that include this check. 

This section displays a list of all the compliance standards that apply to this object.

Standards can be filtered by Compliant and Non-compliant states using the dropdown menu on the top left. Use the arrow buttons on the top right to navigate through the pages of results.

You can also:

  • Click on the standard name to visit the detail page for the standard.
  • Click the findings badges to view the findings.
  • Click the ellipsis menu on the right of a standard to:
    • Rescan all checks - run all checks in this standard again on demand.
    • Edit standard - edit the standard.

The findings badges on this page are color coded to indicate the highest level of severity recorded for the compliance checks with active findings. The colors represent the following:

  • Gray: no findings. All checks are compliant.
  • Maroon: highest severity non-compliant checks are critical severity.
  • Red: highest severity non-compliant checks are high severity.
  • Orange: highest severity non-compliant checks are medium severity.
  • Yellow: highest severity non-compliant checks are low severity.
  • Blue: highest severity non-compliant checks are informational severity.
  • Slate: suppressed findings.

Keep in mind that the color on the findings badge reflects the highest severity level recorded, not the count of findings at that severity level. For example, a red badge showing 62 means there are 62 active findings and at least one of them is high severity. It does NOT mean there are 62 findings of high severity.

You can click on the findings badges to see a list of the findings, including their severity information.

Compliance Check Details: Projects Tab

Click the Projects tab to view information about the projects to which this check is applied, including the project name, the number of active and suppressed findings, and the date/time of the last scan. Projects can be filtered by Compliant and Non-compliant status using the dropdown menu on the top left. Use the arrow buttons on the top right to navigate through the pages of results. You can click on the project name to view the project's detail page.

Clicking the ellipsis menu on the right of a project gives you the option to: 

  • View findings - view findings for this project.
  • View project details page - view the details page for the project.

Compliance Check Details: Accounts Tab

Click the Accounts tab to view the accounts where this check is applied, including the account name, account number, the number of active and suppressed findings, and the date/time of the last scan.

Clicking the ellipsis menu to the right of an account gives you the option to:

  • Cloud Access. Log into the cloud console (if you have access to do so). Click this menu option, then click on the cloud access role you wish to use. You'll be taken directly to your console for AWS, Azure, or Google Cloud using the cloud access role you selected. For more information, see Logging in to a Cloud Provider Console with a Cloud Access Role.
  • View findings. Brings up a list of findings for the selected account. For more information, see What is a Finding?
  • View account details page. Takes you to the account's details page. For more information, see Viewing Accounts.

If the check is suspended/failing for any accounts due to errors, you'll see the region in which it suspended/failed (for one region) or the number of regions in which it suspended/failed (for multiple regions). You can click View Errors for more information on the regions and reasons for suspension/failure.

 
