Walkthrough: Remediating compliance violations
In a previous walkthrough, you learned how to identify violations by leveraging the out-of-the-box CIS policies for AWS. In that walkthrough, a company that was using Amazon Simple Storage Service (S3) to store and retrieve data wanted to ensure that all data associated with S3 buckets was properly secured. Remediating a compliance violation follows the same steps whether the CIS policy is for AWS, GCP, or Azure. In this walkthrough, you will initiate a remediation action for a compliance violation with the CIS policies for AWS as an example.
Log on to BMC Helix Cloud Security with your registered credentials and create the AWS Cloud Connector.
After you have identified a compliance violation for a specific policy rule, the first step is to associate a remediation action with that rule.
Next, you need to enable the remediation action for a specific rule.
In this example, the rule is 2.6, "Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket", which has been identified as a critical violation.
A message is displayed indicating that the policy action mapping has been successfully enabled.
Note: The connector must be running for the remediation action to be successful.
The next step is to remediate the compliance violation.
Click the Violations tab.
In this example, we are interested in the violations associated with the "CIS Amazon Web Services Foundations Benchmark Policy".
To limit the display to only rules associated with that policy, select the policy from the Policy drop-down list.
Click the rule within the policy that was previously mapped to the remediation action. In this example, we need to remediate violations of rule 2.6, "Ensure S3 bucket access logging is enabled on the CloudTrail S3 bucket".
Select the checkbox to the left of the resource you want to remediate.
Note: You can select more than one resource.
Click Remediate Violations. (This button is enabled only after you have selected a resource and content is available for that resource.)
The remediation action is initiated and is sent to the connector that created the resource. Note that the connector must be running for the remediation action to be successful.
A confirmation message is displayed.
From the Dashboard, view all the rules in the policy and locate the rule you selected previously.
The rule is remediated after the next collection cycle. You might have to refresh your browser to see the change in status.
Because the remediation action is the same for AWS, GCP, and Azure, the example above also applies to GCP and Azure.
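To make concrete what rule 2.6 checks and what its remediation changes on the AWS side, the following added example (not BMC Helix Cloud Security or AWS code) evaluates the rule over responses shaped like CloudTrail DescribeTrails and S3 GetBucketLogging, builds the PutBucketLogging request that fixes a violating bucket, and re-evaluates the way the next collection cycle would. All trail and bucket names are constructed sample values, and the remediation is simulated in memory rather than sent to AWS.

```python
# Added example, not BMC Helix Cloud Security or AWS code: evaluates CIS AWS
# Foundations rule 2.6 (S3 access logging on the CloudTrail bucket) over
# responses shaped like CloudTrail DescribeTrails and S3 GetBucketLogging,
# builds the PutBucketLogging request that remediates it, and re-checks.
# All trail and bucket names below are constructed sample values.

SAMPLE_TRAILS = {"trailList": [
    {"Name": "mgmt-trail", "S3BucketName": "org-cloudtrail-logs"},
    {"Name": "data-trail", "S3BucketName": "org-data-trail-logs"},
]}
# Per-bucket GetBucketLogging results: an empty dict means logging is off.
SAMPLE_LOGGING = {
    "org-cloudtrail-logs": {},
    "org-data-trail-logs": {"LoggingEnabled": {
        "TargetBucket": "org-s3-access-logs", "TargetPrefix": "data-trail/"}},
}

def cloudtrail_buckets(describe_trails: dict) -> list:
    """Distinct S3 buckets that CloudTrail trails deliver to (rule 2.6 scope)."""
    return sorted({t["S3BucketName"] for t in describe_trails.get("trailList", [])
                   if t.get("S3BucketName")})

def evaluate_rule_2_6(describe_trails: dict, logging: dict) -> dict:
    """Return {bucket: 'COMPLIANT' | 'VIOLATION'} for every CloudTrail bucket.
    A bucket with no logging result at all is a violation, not an unknown."""
    verdicts = {}
    for bucket in cloudtrail_buckets(describe_trails):
        enabled = logging.get(bucket, {}).get("LoggingEnabled") or {}
        verdicts[bucket] = "COMPLIANT" if enabled.get("TargetBucket") else "VIOLATION"
    return verdicts

def remediation_request(bucket: str, target: str, prefix: str = None) -> dict:
    """PutBucketLogging parameters that enable access logging for `bucket`.
    This example refuses to log a bucket into itself, which would log its own log writes."""
    if target == bucket:
        raise ValueError("access logs must go to a separate bucket")
    return {"Bucket": bucket, "BucketLoggingStatus": {"LoggingEnabled": {
        "TargetBucket": target, "TargetPrefix": prefix or f"{bucket}/"}}}

def remediate_violations(describe_trails: dict, logging: dict, target: str) -> dict:
    """Apply the remediation to every violating bucket and return the new
    logging state, the way the next collection cycle would observe it."""
    updated = dict(logging)
    for bucket, verdict in evaluate_rule_2_6(describe_trails, logging).items():
        if verdict == "VIOLATION":
            req = remediation_request(bucket, target)
            updated[bucket] = req["BucketLoggingStatus"]
    return updated
```

Running `evaluate_rule_2_6` before and after `remediate_violations` mirrors the status change you see on the Dashboard after the next collection cycle.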
Where to go from here
For more information about remediation, see Remediating violations.