Identifying violations

BMC Helix Cloud Security (Cloud Security) enables you to explore the results and identify specific resources that are not compliant with out-of-the-box policies.

To access the latest information about this topic and all Cloud Security releases, check out the Release notes and notices.

To open the Violations page, perform one of the following actions:

  • From the Dashboard, click Violations in the navigation bar.
  • From the Non Compliant Rules widget, click one of the following elements:
    • To show a summary of the data by severity, click By Severity. Clicking a section of the widget displays the Violations page with the Severity filter automatically set to the severity represented in the widget, from which you can traverse directly to a specific rule.
    • To show a summary of the data by age, click By Age. Clicking a section of the widget or the numeric/percentage area below the widget displays the Violations page with all filters set to the default states, from which you can traverse directly to a specific rule.

From the Violations page you can perform the following actions:

Customizing data on the Violations page

The Violations page displays a list of rules that are evaluated by Cloud Security. For each rule, the list shows the total number of resources that are evaluated, the count of resources that are compliant, non-compliant, or indeterminate, the associated connector and policy, and the severity level.

The Violations page contains the following information:

  • Rule: Shows the rule that is evaluated
  • Connector: Shows the connector associated with a specific rule
  • Policy: Shows the name of the policy associated with a specific rule
  • Severity: Shows the severity of the rule violation, such as High, Medium, Low, or Critical
  • Resources: Shows the number of resources in a specific policy
  • Resource Evaluation: Shows a thermometer view of the number of resources that have evaluated to true.
    For example, 235/244 indicates that 235 of the 244 resources have evaluated to true for a specific policy.
  • Remediation Trigger: Shows the status of remediation assigned to the violation.

Actions available on the widget

From the Non Compliant Rules widget, click one of the following elements:

  • To show a summary of the data by severity, click By Severity. Clicking a section of the widget displays the Violations page with the Severity filter automatically set to the severity represented in the widget, from which you can traverse directly to a specific rule.
  • To show a summary of the data by age, click By Age. Clicking a section of the widget or the numeric/percentage area below the widget displays the Violations page with all filters set to the default states, from which you can traverse directly to a specific rule.

Actions available on the Violations page filter bar

The filter bar on the Violations page contains the following menus and options:

Menu / Actions
Connector
  • Select all connectors (default)
  • Search for specific connectors in search bar
  • Select one or more connectors from menu
  • Clear selected items
Tags
  • Select all tags (default)
  • Search for specific tags in search bar
  • Select one or more tags from menu
  • Match criteria for individual tags (Any or All)
  • Clear selected items
Resource Type
  • Select all resource types (default)
  • Search for specific resource types in search bar
  • Select one or more resources from menu
  • Clear selected items
Policy
  • Select all policies
  • Search for specific policies in search bar
  • Select one or more policies from menu
  • Clear selected items
Severity
  • Select all severity levels (default)
  • Select one or more of the following severity levels from menu:
    • Critical
    • High
    • Medium
    • Low
  • Clear selected items
Scan Period
  • Select all severity levels
  • Select one or more of the following scan periods from menu:
    • Last 24 hours
    • Last 7 days
    • Last 14 days
    • Last 30 days
    • Till Date
  • Clear selected item
Exceptions
  • Select all exceptions
  • Select one or more exceptions from menu
  • Clear selected items
Age
  • Select one or more of the following age periods from menu:
    • Last 24 hours
    • Greater than 15 days
    • Between 8 and 15 days
    • Less than 7 days
  • Clear selected item
Evaluation Status
  • Select all evaluation status levels
  • Select one or more of the following status levels from menu:
    • Compliant
    • Indeterminate
    • Non-Compliant
    • Compliant with Exception
  • Clear selected items
Resource Pools

Resource Pools allow you to logically group the resources associated with them.

Account

Account is a field in which account numbers or names are populated when the connector runs, according to how the various accounts (for example, AWS, GCP, and Azure) are configured.


From the Violations page, you can perform the following actions on the filter:

  • Type a keyword of 3 or more characters in the Enter Search Keyword field to narrow down the search, and then press Enter.
  • Click the tiny inverted caret icon in the heading row of the filter bar to select one or more check boxes, and then click anywhere on the screen. These selections help you to further narrow down the search.
  • Clear the retrieved results by clicking Clear under the Select Scan Period menu in the filter bar.
  • Click the column header to sort by ascending or descending order for Rule, Connector, Policy, or Severity. Resources and Resource Evaluation columns cannot be sorted.
  • Click a link in the Rule column to view additional details for the selected rule.

Remediation of violations

From the Violations page, you can enable or disable remediation of violations for the associated policies.

  • To enable remediation, select the violation or violations that need to undergo remediation, click Remediation Actions, and then choose the preferred type of remediation from the following:
    1. Auto Remediation: Remediation action takes place automatically if the selected rule has been violated.
    2. On-Demand Remediation: Remediation action takes place at the user's discretion if the selected rule has been violated.
  • To disable remediation, click Actions, and then choose Disabled from the cascading menu.


Viewing the details of an evaluated rule

On the Violations page, click a link in the Rule column to view additional details for the selected rule.

The Violations Details page shows the List of Resources, which includes the name of the policy to which the rule belongs and the reference ID (an identifier for a given rule, defined by a user or a regulatory framework), the resource type, the time when the resource was last scanned, the time that the resource has been in a specific state (age of the violation), the status of the remediation, and (if applicable) an exception flag.

For rules for which an exception has already been created, a red flag displays. When you hover over the flag, a banner displays indicating that the resource is marked as an exception. When you click the flag, you can add to an existing exception by creating a new one. Note that the corresponding resource may still show a status of Compliant, as shown in the following illustration.

For rules for which an exception has not yet been created, a gray flag displays when you hover over the icon. In this case, you can create a new exception (the first one associated with that resource).

In the filter bar, click the tiny inverted caret icon in the heading row of the Tags, Resource Type, or Evaluation Status menus to select one or more check boxes for resources, and then click anywhere on the screen.

These selections help you to further narrow down the search. Alternatively, type a keyword of 3 or more characters in the Enter Search Keyword field to narrow down the search, and then press Enter. Clear the retrieved results by clicking Clear.

In the List of Resources column, click the tiny caret icon to expand the policy rules associated with the resource and the corresponding value returned after evaluating the rule. To view further details about a specific resource, click one of the following tabs:

  • Variable Details: Shows the variables and their corresponding values
  • Resource Results: Shows the conditions and their corresponding return values
  • Expression: Shows the JSON query used to evaluate the rule.
  • Exceptions: (Displays only when an exception has been associated with that resource. An exception flag also displays in the row of the resource.) Shows any exceptions associated with the rule.

Choose Export and select Export to PDF to export the data to a PDF report that shows details for a specific rule that is evaluated by BMC Helix Cloud Security. For the selected rule, the report shows step-by-step evaluation details for each variable within a resource.

Click Remediate Violations to remediate selected violations on the page. 

Performing next steps

For additional information about remediation, see Remediating violations.

To remediate a violation by following a specific use case, see Walkthrough: Identifying CIS violations for AWS.
