Rules

On this page you can view a list of all the checks that have been conducted in your cloud accounts against specific rules built upon both our own and international compliance standards.

Rules view allows you to zoom in on which rules need to be resolved to help you stay compliant.

Important

This page only contains current information and statuses for rule compliance.

You can access the page using the Rules link in the menu on the left side of the console.

  1. Your Security Brief - The number of open checks by severity level.

  2. Rules list - This section displays the current, complete list of rules that your cloud accounts are checked against every time a scan is run. It contains the following elements:

    1. Search box - A search box you can use to customize the list of rules that is displayed on the page, based on Rule title.

    2. Rule list - A table containing a list of all currently existing rules, along with the overall scoring for your cloud accounts in complying with the rule. The table displays the following columns:

      • Rule title - The name of the GravityZone Cloud Security rule, as well as the cloud provider it applies to.

      • Scoring - Scoring displays how many resources have passed or failed a rule.

        Findings that are marked as Open, False Positive, Risk Accepted, or Needs review are considered as failed.

  3. Filters - Filters allow you to customize the list of rules currently displayed on the page based on the following criteria:

    • Compliance

      Filter rules by compliance standards. Customized standards are marked with a Custom label. The cloud provider icons represent the standard coverage.

    • Account

      Filter rules by onboarded accounts. The cloud provider icon shows the account provider type.

    • Region

      Filter rules by the region the resource belongs to.

    • Tags

      Filter rules by the resource tags or labels that are defined in the cloud account.

      Note

      Besides the assigned tags, there are 2 additional values which may be encountered:

      • None - when the resource has no tags

      • Dash ( - ) - when the resource is not supported by the cloud provider yet

    • Resource type

      Filter rules by resource type. The cloud provider icon shows the resource provider type.

    • Severity

      Filter rules by severity.

    • Scoring

      Filter rules by Pass or Fail score.

    • Status

      Filter rules by rule status: Pass, Risk Accepted, False Positive, Needs Review.

Investigating rules

The table is sorted by scoring, from low to high.

You can customize the list of displayed rules by using one of the methods below:

  • Use the search box above the list to filter by rule name.

  • Use the Filters on the right side of the list.

To display more information about a specific rule and what checks resulted from it, follow the steps below:

  1. Click on the rule you want to investigate.

    A list of all the scan groups where checks were made against the rule is displayed.

  2. Click on the scan group you want to investigate.

    All scans related to the selected rule that were made on the scan group are displayed.

  3. Click on the Open link under the Status column to display additional information on why a specific check has failed.

    The Check details panel is displayed.

Edit multiple checks

When investigating a rule, you can select and edit multiple checks (bulk edit) that resulted from it. To do this, follow the steps below:

Tip

You can only edit up to 50 checks at a time.

  1. Click on the rule the checks belong to.

    A list of all the scan groups where checks were made against the rule is displayed.

    Note

    You can click on an individual scan group to display all scans related to the selected rule made on that group.

  2. Select the checks you want to edit using the checkbox on the left side of the section.

    Tip

    You can also select a scan group; this will include all checks associated with this scan group that were made using this rule.

    The Bulk edit window is displayed on the lower side of the page.

  3. Make the modifications you want. You have the following options:

    • Change status - change the status of all the selected checks.

      Tip

      If you select Risk Accepted, you also need to specify a period for the status change. Once this period passes, the status of all selected checks will automatically change to Open.

    • Change severity - change the severity of all the selected checks.

    • Type in a comment - this will add a comment that will be attached to the history of the check. Use these to easily track changes and why they were made.

  4. Click Save.

    The selected modifications will be applied to all selected checks. They will be recorded as a Bulk edit in the history of each check.

Export data

To export the data currently displayed in the Rules page, click the Export filtered checks button at the bottom of the Filters section.

The information is downloaded in a .CSV file.

Note

All the filters currently applied on the page are taken into consideration and only the customized information made available on the page is included in the file.