What can CSPM not do?
It is not an asset management tool.
It does not currently provide any incident management response and automated remediation.
What is a mandate?
Mandates are regulatory requirements, best practice standards or compliance frameworks designed by Security/business driven certification communities and/or government bodies.
What is a policy?
A policy is a set of configuration checks that will assess different resources collected from your cloud account. A policy is made up of controls.
What is a control
A control is a configuration check. Each check applies to a specific service/resource. Here are some examples:
MFA should be enabled for console user - applies to AWS IAM Service and IAM User Resource
Password policy should have upper case letter enforced - applies to AWS IAM Service
Security group should not allow inbound access on port 22 from 0.0.0.0 - applies to EC2/VPC services and Security Group Resource
What is a resource?
A Resource is an entity that you can work with. The following resources will be discovered after creation of a connector:
Auto Scaling Group
EBS Volume
IAM User
Instance
Internet Gateway
Lambda Function
Load Balancer
Network ACL
RDS
Route Table
S3 Bucket
Security Group
Subnet
VPC
Pass/Fail - In an interactive report, the Control Pass/Fail displays the compliance status for a particular control.
Control Passed - Each control is applicable to a specific resource type. For each control, applicable resources are collected. The control checks whether the particular attribute of a resource is configured as per best practices. The control is passed when the attribute that the control is checking is found configured as per the desired configuration for all the applicable resources collected.
Control Failed - A control is considered failed when an attribute of the control being checked is not configured as per the desired configuration for any of the applicable resources collected. Resource Passed Resource is considered passed for a control if it’s attribute is configured as per the desired configuration in the control. Resource Failed Resource is considered failed for a control if it’s attribute is not configured as per the desired configuration in the control.
Resource Passed - Resource is considered passed for a control if it’s attribute is configured as per the desired configuration in the control.
Resource Failed - Resource is considered failed for a control if it’s attribute is not configured as per the desired configuration in the control.
How long are my reports retained?
Report data is kept for 13 months.
Why are reports restricted to being refreshed once every 4 hours?
Due to limitations on how often API’s for Azure, AWS and GCP can be accessed, we have limited this to four hours in order to prevent access or security issues caused by too many API calls.
Are there limitations to creating reports?
Currently the only limitation is that a report (Mandate + Connector) can not be the same as an existing report.
What is a datalake?
What can be done with the datalake?
When should reports be refreshed?
Is there a limit to number of connectors?
Is there a limit on number of reports?
Can I export data from the datalake?
Do reports automatically update?
What do I do if my connector shows offline or pending?