Rules
On this page you can view a list of all the checks that have been conducted in your cloud accounts against specific rules build upon both our own, and international compliance standards.
Rules view allows you to zoom in on which rules need to be resolved to help you stay compliant.
Important
This page only contains present time information and statuses for rule compliance.
You can access the page using the Rules link in the menu on the left side of the console.
Your Security Brief - The number of open checks by severity level.
Rules list - This section displays the current, complete list of rules that your cloud accounts are checked against every time a scan is ran. It contains the following elements:
Search box - A search box you can use to customize the list of rules that is displayed on the page, based on Rule title.
Rule list - A table containing a list of all currently existing rules, along with the overall scoring for your cloud accounts in complying with the rule. The table displays the following columns:
Rule title - The name of the GravityZone Cloud Security rule, as well as the cloud provider it applies to.
Scoring - Scoring displays how many resources have passed or failed a rule.
Findings that are marked as
Open
,False Positive
,Risk Accepted
, orNeeds review
are considered as failed.
Filters - Filters allow you customize the list of rules currently displayed on the page based on the following criteria
Compliance
Filter rules by compliance standards. Customized standards are marked with a Custom label. The cloud provider icons represent the standard coverage.
Account
Filter rules by onboarded accounts. The cloud provider icon shows the account provider type.
Region
Filter the region the resource belongs in.
Tags
Resource tags or labels that are defined in the cloud account.
Note
Besides the assigned tags, there are 2 additional values which may be encountered:
None - when the resource has no tags
Dash (
-
) - when the resource is not supported by the cloud provider yet
Resource type
Filter rules by resource type. The cloud provider icon shows the resource provider type.
Severity
Filter rule's severity.
Scoring
Filter rules by Pass or Fail score.
Status
Filter rules by rule status: Pass, Risk Accepted, False Positive, Needs Review.
Investigating rules
The table is sorted by scoring, from low to high.
You can customize the list of displayed rules by using one of the methods below:
Use the search search box above the list to filter by rule name.
Use the Filters in the right side of the list.
To display more information about a specific rule and what checks resulted from it, follow the steps below:
Click on the rule you want to investigate.
A list of all the scan groups where checks were made against the rule is displayed.
Click on the scan group you want to investigate.
All scans related to the selected rule made on scan group are displayed:
Click on the Open link under the Status column to display additional information on why a specific check has failed.
The Check details panel is displayed.
Edit multiple checks
When investigating rules, you can select and edit multiple checks (bulk edit) that resulted from it. To do this, follow the steps below:
Tip
You can only edit up to 50 checks at the time.
Click on the rule the checks belong to.
A list of all the scan groups where checks were made against the rule is displayed.
Note
You can click on an individual scan group to display all scans related to the selected rule made on that group.
Select the checks you want to edit using the checkbox on the left side of the section.
Tip
You can also select a scan group; this will include all checks associated to this scan group made using this rule.
The Bulk edit window is displayed on the lower side of the page.
Make the modifications you want. You have the following options:
Change status - change the status of the all selected checks.
Tip
If you select
Risk Accepted
, you also need to specify a period for the status change. Once this period passes, the status of all selected checks will automatically change toOpen
.Change severity - change the severity of all the selected checks.
Type in a comment - this will add a comment that will be attached to the history of the check. Use these to easily track changes and why they were made.
Click Save.
The selected modifications will be applied to all selected checks. They will be recorded as a
Bulk edit
in the history of each check.
Export data
To export the data currently displayed in the Rules page, click the Export filtered checks button on the bottom of the Filters section.
The information is downloaded in a .CSV
file.
Note
All the filters currently applied on the page are taken into consideration and only the customized information made available on the page is included in the file.