Compliance Reports

Note

If you’re looking for an email alert whenever Fugue detects compliance changes in an environment, see Email Notifications.

If you’re looking for a way to export compliance data in a CSV or Excel file, see Export Data.

Fugue offers two main types of compliance reports delivered by email:

Organization-Level Enterprise Compliance Reports

Fugue supports enterprise reporting for visualizing and summarizing your organization’s cloud security and compliance data. Fugue currently offers the following five organizational-level reports:

These reports are currently available by email upon request. In the future, users will be able to access and configure reports within the Fugue application. Fugue will also be adding more compliance family dashboards such as PCI and HIPAA soon.

Note

To request email delivery of these reports, contact support@fugue.co with:

  • Which reports you would like access to

  • Email address(es) for report delivery

  • Report cadence: daily, weekly, or monthly

  • Time of day you would like the reports to be sent (e.g., 9 a.m. EST)

Compliance Posture Dashboard

This report visualizes information on rule violations and compliance across all the environments in your organization. This report is particularly useful to present to senior management, and is a starting point for you to investigate potential issues.

_images/compliance_posture_dashboard.png

Current Rule Violations

This report lists all outstanding rule violations (rule results that have a “fail” state) across the organization at the most recent time. This report enables you to determine what work remains to be done by prioritizing the rule violations by severity, age of the rule violation (first detected date), and resource type.

_images/current_rule_violations.png

Resources Dashboard

This report visualizes information on resources and compliance across all the environments in your organization.

_images/resource_dashboard.png

SOC 2 Dashboard

This report lists the SOC 2 controls that have a pass, fail, or unknown result for a given resource for your entire organization.

_images/soc2_dashboard.png

CIS AWS Foundations Benchmark Dashboard

This report lists the CIS AWS controls that have a pass, fail, or unknown result for a given resource for your entire organization.

_images/cis_aws_benchmark_dashboard.png

Note

To request email delivery of these reports, contact support@fugue.co with:

  • Which reports you would like access to

  • Email address(es) for report delivery

  • Report cadence: daily, weekly, or monthly

  • Time of day you would like the reports to be sent (e.g., 9 a.m. EST)

Environment-Level Compliance Reports

Environment-level compliance reports allow you to view the compliance state of a single environment without having to log into Fugue. You may opt into the report in the Environment Settings modal within each environment.

You can specify multiple recipients, which allows you to demonstrate your compliance to executives or auditors.

These reports can be sent weekly or daily and they contain:

  • Executive summary

  • List of compliance failures by resource type

  • List of compliance failures by control

_images/compliance-report-daily-full.png

Setting up the Environment-Level Report Email

You can set up notifications from the Environment Settings page. There are two ways to access it:

  • From the target environment page: Select the Actions button in the top right of the environment page and click the cog Edit Environment link.

_images/action-button-open.gif
  • Or, from the All Environments landing page: Select the ellipsis next to the target environment and click Edit Environment Settings.

_images/compliance_email_setup.png

Once you’ve accessed the Edit Environment settings page, take the following steps:

1. Select the Reports tab, as shown below.

_images/Compliance_Report_Modal.png

2. Check the Enable Compliance Report Emails checkbox.

3. In the Recipient Emails field, enter the email address(es) to which you want to send the report. Press the Tab key to add additional email addresses if needed and press Delete to delete an address.

4. From the Report Frequency drop-down, select Daily or Weekly.

Note

The email is sent weekly on Monday morning EST or daily in the morning EST.

5. Check the Send the Report Now? checkbox if you want the report to be sent out right after saving your changes. This allows you to view the compliance report email right away and not wait for the weekly or daily cadence.

6. Click the Save Changes button.

Compliance report emails are set per environment, allowing you to configure different settings for different environments.