×
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
 
 
BMC Helix Cloud Security ... Getting Started Walkthroughs

Walkthrough: Remediating compliance violations

In a previous walkthrough, you learned how to identify violations by leveraging the out-of-the-box CIS policies for AWS. In that walkthrough, a company that was using Amazon Simple Storage Service (S3) to store and retrieve data wanted to ensure that all data associated with S3 buckets was properly secured. Remediation action for a compliance violation with CIS policies for AWS, GCP or Azure will require the same remediation steps. In this walkthrough, you will initiate a remediation action for a compliance violation with CIS policies for AWS as an example.

Scenario

A company has identified critical violations to AWS policies whereby access to the S3 bucket CloudTrail logs has not been restricted.

StepExample screen

Log on to BMC Helix Cloud Security with your registered credentials and create the AWS Cloud Connector.

After you have identified a compliance violation for a specific policy rule, the first step is to associate a remediation action with that rule.

  1. Select Manage > Policies.
  2. From the displayed list of policies that have been imported, click a policy to view the rules that apply to that policy. In this example, we are using the CIS Amazon Web Services Foundations Benchmark Policy.
    .

Next, you need to enable the remediation action for a specific rule.

In this example, the rule is 2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket, which has been identified as a critical violation. 

  1. Select the checkbox for the rule.
  2. Click the Actions drop-down and choose your remediation preference from the following options:
    1. Enable Remediation (Auto): Remediation action takes place automatically if the selected rule name has been violated.
    2. Enable Remediation (On Demand): Remediation action takes place according to user discretion if the selected rule name has been violated.
    3. Disable Remediation: Remediation will be disabled.

A message is displayed indicating that the policy action mapping has been successfully enabled.

Note: The connector must be running for the remediation action to be successful.

The next step is to remediate the compliance violation.

Click the Violations tab.

In this example, we are interested in the violations associated with the "CIS Amazon Web Services Foundations Benchmark Policy".

To limit the display to only rules associated with that policy, select the policy from the Policy drop-down list.

Click the rule within the policy that was previously mapped to the remediation action. In this example, we need to remediate the 2.6 Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket.

 

Select the checkbox to the left of the resource you want to remediate.

Note: You can select more than one resource.

 

Click Remediate Violations. (This button is enabled only after you have selected a resource and content is available for that resource.)

The remediation action is initiated and is sent to the connector that created the resource. Note that the connector must be running for the remediation action to be successful.

A confirmation message is displayed.

From the Dashboard, view all the rules in the policy and locate the rule you selected previously. 

The rule is remediated after the next collection cycle. You might have to refresh your browser to see the change in status.

 

Note:

Since the remediation action is similar for AWS, GCP as well as Azure, the above example will serve to assist with GCP as well as Azure.

Where to go from here

For more information about remediation, see Remediating violations.

Was this page helpful? Yes No Submitting... Thank you
Last modified by Shubhangi Mahajan on Apr 08, 2020

Comments

Log in or register to comment.

Multiple AWS Accounts Support
Onboarding
© Copyright 2017-2021 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2022 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.