Rules and Findings Overview
Rules can be configured to place checks and guardrails on your cloud resources.
Valtix Controller has some basic pre-defined rules:
- Application load balancers with no cloud service provider WAF enabled.
- Security groups with few instances (< 5) that have ingress open. Many low-utilization security groups can create gaps that are hard to see and easy to exploit.
- Instances with 2 or more network interfaces
- Security Groups with open outbound (0.0.0.0/0) access
- Public subnets - all AWS subnets with auto-assign public IP enabled
- Security groups with too many egress ports (25 or more) open to the Internet
- Security groups with too many ingress ports (5 or more) open to the Internet
- Security Groups with 65,535 ports open for ingress with public access enabled.
- Certificates expiring in 30 days - AWS Certificate Manager only.
The cloud resources that match the rules will be flagged as findings with a matching severity.
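As an added illustration (not Valtix code and not the Controller's rule syntax), the port-based pre-defined rules above can be written as checks over security group records in the shape returned by AWS EC2 DescribeSecurityGroups. The rule labels and sample groups are constructed, and "open to the Internet" is assumed to mean a 0.0.0.0/0 IPv4 range.

```python
# Added illustration, not Valtix code. Input follows the shape of AWS EC2
# DescribeSecurityGroups output; rule labels and sample groups are constructed.
ANY_IPV4 = "0.0.0.0/0"
ALL_PORTS = 65535

def to_internet(perm):
    return any(r.get("CidrIp") == ANY_IPV4 for r in perm.get("IpRanges", []))

def internet_ports(perms):
    """Count distinct TCP/UDP port numbers that perms open to 0.0.0.0/0."""
    ports = set()
    for perm in filter(to_internet, perms):
        proto = perm.get("IpProtocol")
        if proto == "-1":                # "all traffic" entry: every port
            return ALL_PORTS
        if proto in ("tcp", "udp"):      # ICMP From/ToPort are type/code, skip
            ports.update(range(perm["FromPort"], perm["ToPort"] + 1))
    return min(len(ports), ALL_PORTS)    # 0-65535 holds 65,536 values; cap it

def evaluate(group):
    """Return labels of the port-based pre-defined rules the group matches."""
    ingress = internet_ports(group.get("IpPermissions", []))
    egress_perms = group.get("IpPermissionsEgress", [])
    checks = [
        ("open-outbound", any(map(to_internet, egress_perms))),
        ("egress-25-plus-ports", internet_ports(egress_perms) >= 25),
        ("ingress-5-plus-ports", ingress >= 5),
        ("ingress-all-ports", ingress >= ALL_PORTS),
    ]
    return [label for label, hit in checks if hit]

def rule(proto, cidr, lo=None, hi=None):  # builds one constructed permission
    perm = {"IpProtocol": proto, "IpRanges": [{"CidrIp": cidr}]}
    if lo is not None:
        perm.update(FromPort=lo, ToPort=hi)
    return perm

# Constructed sample groups.
SG_WEB = {"GroupId": "sg-example-web",
          "IpPermissions": [rule("tcp", ANY_IPV4, 443, 443), rule("tcp", "10.0.0.0/8", 22, 22)],
          "IpPermissionsEgress": [rule("-1", ANY_IPV4)]}
SG_WIDE = {"GroupId": "sg-example-wide",
           "IpPermissions": [rule("tcp", ANY_IPV4, 0, 65535)],
           "IpPermissionsEgress": [rule("tcp", "10.0.0.0/8", 443, 443)]}
SG_APP = {"GroupId": "sg-example-app",
          "IpPermissions": [rule("tcp", ANY_IPV4, 8000, 8004)],
          "IpPermissionsEgress": [rule("tcp", ANY_IPV4, 443, 443)]}
if __name__ == "__main__":
    for sg in (SG_WEB, SG_WIDE, SG_APP):
        print(sg["GroupId"], evaluate(sg))
```

The default AWS egress entry (all traffic to 0.0.0.0/0) matches both outbound rules, which is why SG_WEB is flagged even though its ingress is narrow.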
The user can configure additional rules for a resource.
- Navigate to Discovery -> Inventory and select a Resource, e.g. Load Balancers.
- Create the Rule criteria in the text area and select Add Rule.
- Specify the Name, Description, Severity, Default Action, Category, Resource Type, Account, and the number of findings meeting the Rule criteria.
- Save the Rule.
The Default Action of the Rule can be either Info or Alert. If a rule is configured with a default action of Alert, then any new findings for the rule result in an alert notification from the Valtix Controller. The following configurations are required if you want a default action of Alert.
- Configure Alert Profile to indicate if the user wants ServiceNow, PagerDuty, or Webhook notifications.
- Configure Alert Rule of type Discovery and sub-type Insights Rule, and specify the severity.
Based on the pre-defined and custom rules, you can view the findings for the resources. For easy access, the Findings Summary is located on the Dashboard, and also in the Summary view in the Inventory section. The user can get information on all the resources that have associated Findings.