Rules and Findings Overview
You can configure rules that act as checks and guards on your cloud resources.
The Valtix Controller ships with the following basic pre-defined rules:
- Show all application load balancers with no cloud service provider WAF enabled.
- Security groups with few instances (fewer than 5) that have ingress open. A large number of low-utilization security groups creates gaps that are hard to see and can be easy to exploit.
- Show instances with 2 or more network interfaces
- Find all Security Groups with open outbound (0.0.0.0/0) access
- Show all public subnets - all AWS subnets with auto-assign public IP enabled
- Show security groups with too many egress ports (25 or more) open to the Internet
- Show security groups with too many ingress ports (5 or more) open to the Internet
- Security Groups with 65,535 ports open for ingress with public access enabled.
- Show all certificates expiring within 30 days
Cloud resources that match a rule are flagged as findings with the severity of that rule.
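To make the security-group rules above concrete, the following added example (not Valtix Controller code) evaluates several of them over security groups in the shape returned by the AWS `describe_security_groups` API. The thresholds follow the page (5 ingress ports, 25 egress ports, 65,535 ports, fewer than 5 instances); the way ports are counted, the severity assigned to each rule, and the sample groups are assumptions made for this illustration.

```python
"""Evaluate security-group rules over describe_security_groups-shaped data.

Added example, not Valtix Controller code. Thresholds follow the page; the
port-counting method, severities and sample groups are assumptions.
"""
from typing import Dict, Iterable, List, Set

ANYWHERE = {"0.0.0.0/0", "::/0"}      # "open to the Internet"
ALL_PORTS = range(0, 65536)            # IpProtocol "-1" means all traffic


def internet_ports(permissions: Iterable[dict]) -> Set[int]:
    """Return the distinct port numbers a permission list opens to the whole Internet.

    IpProtocol "-1" (all traffic) counts as every port. ICMP entries carry
    type/code in the port fields and are ignored (an assumption of this example).
    """
    ports: Set[int] = set()
    for perm in permissions:
        cidrs = {r.get("CidrIp") for r in perm.get("IpRanges", [])}
        cidrs |= {r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])}
        if not cidrs & ANYWHERE:
            continue                   # only ranges open to the Internet count
        proto = str(perm.get("IpProtocol"))
        if proto == "-1":
            ports.update(ALL_PORTS)
        elif proto in ("tcp", "udp", "6", "17"):
            ports.update(range(perm["FromPort"], perm["ToPort"] + 1))
    return ports


def evaluate(sg: dict, instance_count: int) -> List[Dict[str, str]]:
    """Apply the security-group rules from the page to one group.

    instance_count is the number of instances attached to the group; the
    page's rules need it but the API response does not carry it.
    """
    findings: List[Dict[str, str]] = []

    def flag(rule: str, severity: str) -> None:    # severities are assumed
        findings.append({"group": sg["GroupId"], "rule": rule, "severity": severity})

    ingress = internet_ports(sg.get("IpPermissions", []))
    egress = internet_ports(sg.get("IpPermissionsEgress", []))

    if egress:
        flag("open outbound (0.0.0.0/0) access", "Low")
    if len(egress) >= 25:
        flag("25 or more egress ports open to the Internet", "Medium")
    if len(ingress) >= 5:
        flag("5 or more ingress ports open to the Internet", "Medium")
    if len(ingress) >= 65535:
        flag("65,535 ports open for ingress with public access", "High")
    if ingress and instance_count < 5:
        flag("fewer than 5 instances with ingress open", "Low")
    return findings


# Constructed sample groups (group, attached instance count); not real data.
SAMPLE_GROUPS = [
    ({"GroupId": "sg-web",
      "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
      "IpPermissionsEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                               "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}, 12),
    ({"GroupId": "sg-wide-open",
      "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
      "IpPermissionsEgress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}, 1),
    ({"GroupId": "sg-internal",
      "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
                         "IpRanges": [{"CidrIp": "10.0.0.0/8"}]}],
      "IpPermissionsEgress": []}, 2),
]


def run_all(groups=SAMPLE_GROUPS) -> List[Dict[str, str]]:
    """Collect findings across all groups, in the order they are evaluated."""
    return [f for sg, count in groups for f in evaluate(sg, count)]


if __name__ == "__main__":
    for f in run_all():
        print(f"[{f['severity']}] {f['group']}: {f['rule']}")
```

Running the script flags `sg-web` only for open outbound access, flags `sg-wide-open` on every rule because `IpProtocol: -1` opens all 65,536 ports in both directions and the group backs a single instance, and produces nothing for `sg-internal`, whose only rule is limited to a private range.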
You can configure additional rules for a resource:
- Go to Discovery -> Resource -> Search on the desired attributes -> Add Rule
- Specify the Name, Description, Severity and Default Action
- Save the Rule.
The Default Action of the Rule can be either Info or Alert. If a rule is configured with a default action of Alert, any new finding for the rule results in an alert notification from the Valtix Controller. The following configuration is required if you want a default action of Alert:
- Configure an Alert Profile that specifies whether notifications are sent to ServiceNow, PagerDuty, or a Webhook.
- Configure an Alert Rule of type Discovery and sub-type Insights Rule, and specify the severity.
Based on the predefined and custom rules, you can see the findings for your resources. For easy access, the findings summary appears on the dashboard and in the summary view of the Discovery section, from which you can drill down to every resource that has findings.