Families (beta)

Fugue’s Families page is accessible from the Rules link in the upper-right corner of the UI. It lists all the Fugue and custom compliance families associated with your organization. You can search, sort, and filter the list.

_images/families_page.png

Ready to begin? Below are general instructions for creating and managing custom families with Fugue via the Families page (UI).

In a hurry? Jump ahead:

Note

The creating custom families is currently in beta.

Viewing Families - UI

You can view a list of compliance families on the Families page, accessible from the upper-right corner of the UI. The Families page displays all Fugue and custom compliance families for an organization. To view only custom families, enter the search term source:custom.

_images/custom-families.png

For more information about navigating the Families page, including tips on searching and sorting, see Searching and Filtering the Families Page - UI.

Searching & Filtering Families - UI

Note

Once filters and/or search terms are applied, you can share them via URL.

Searching for Families

Use the Enter key to search by a keyword. You can enter multiple queries by using Tab after each one.

The Families search supports key:value syntax for the following search terms:

name

Compliance family name (e.g.,CIS AWS (v1.4.0), CIS, or CIS AWS Foundations Benchmark (v1.4.0))

provider

Cloud provider: aws, aws_govcloud, azure (for Azure and Azure Government), or google

source

Family source: Custom or Fugue

description

The description for the family (e.g., CIS AWS Foundations Benchmark is a set of configuration guidelines)

recommended

Displays the list of recommended families: true, false, t, or f

Filtering for Families

You can filter on the Families page by selecting the filter icon, as shown below.

_images/filter_families.gif

This opens the filter panel. You can filter by:

  • Provider (i.e., AWS, AWS GovCloud, Azure, or Google)

  • Type (i.e., Custom or Fugue)

Sorting and Pagination

You can sort the compliance families by name and provider. Default is in alphabetical order by compliance family name.

The active sorted column shows a single arrow. Select the arrow to reverse the direction:

_images/name_families.png

The inactive sortable column shows a double arrow. Select the double arrow to make it active:

_images/provider_families.png

If you have more than 10 compliance families, you’ll see a drop-down menu below the table of compliance families. You can choose to show 10, 20, 50, or 100 rows per page:

_images/compliance_families_pagination.png

Creating Custom Families - UI

To create a custom family, follow the steps below:

  1. Navigate to the Families page.

  2. Click Create Family.

  3. In the Create New Family side panel, enter the following information:

    1. Enter the Family Name.

    2. Enter the Description.

    3. Check or uncheck the Recommended checkbox. When checked, the family is added to the recommended compliance families list when creating a new environment. See Compliance for more information.

    4. Check or uncheck the Always Enabled checkbox. When checked, the family is automatically applied on all scans for every environment in this tenant.

    5. Optionally, select a compliance family to clone. The rules from the selected compliance family are copied to your newly created custom compliance family. You can add and remove rules to an existing custom compliance family on the Rules page.

  4. Click Create Family.

_images/create_custom_family_UI.png

Modifying Custom Families - UI

Note

Fugue family names and descriptions cannot be edited.

To modify a custom family, follow the steps below:

  1. Navigate to the Families page.

  2. Select the compliance family you want to edit and select Edit Family.

_images/Edit_Family.png

3. The Edit Family panel opens.

4. Update the Name.

5. Update the Description.

6. Check or uncheck the Recommended checkbox. When checked, the family is added to the recommended compliance families list when creating a new environment. See Compliance for more information.

7. Check or uncheck the Always Enabled checkbox. When checked, the family is automatically applied on all scans for every environment in this tenant.

8. Click Update Family.

Note

You can add or remove rules from a custom compliance family on the Rules page. Refer to Editing an Existing Custom Family for more information.

Viewing Rules for a Compliance Family - UI

To view rules for a compliance family, follow the steps below:

  1. Navigate to the Families page.

  2. Select the compliance family and select View Rules.

  3. You are redirected to the Rules page with the selected compliance filtered applied.

_images/view-rules-family.gif

Deleting Custom Families - UI

To delete a custom family, follow the steps below:

  1. Navigate to the Families page.

  2. Select the compliance family you want to edit and select Delete Family.

  3. Click Delete Family.

Note

You cannot delete Fugue-defined families. You can only delete custom families.

Sharing Families between Tenants - UI (limited beta)

Note

Fugue’s sharing families between tenants feature is now available for Enterprise Customers utilizing Fugue Organizations. To request access, contact support@fugue.co.

Admin users in the root tenant can share families (Fugue or Custom) to the child tenants that belong in the Organization. Admin root users share a family from the root tenant to the child tenants. Child tenants cannot share families to other child tenants or the root tenant.

Additionally, only an Admin user in the root tenant can edit a shared family. If the admin user in the root tenant switches to a child tenant, they cannot edit the shared family.

When an Admin user in the root tenant shares a family, child tenants gain access to the configuration options and custom rules (when applicable). Once a family is shared to child tenants, users in the child tenant cannot make edits to the family and this includes:

  • Adding or removing rules from the family

  • Editing the family (i.e., name, description, recommended, always enabled, associated rules)

  • Enabling or disabling custom rules from the family. Users can still enable or disable Fugue rules within their tenant.

Note

If you share a family that contains custom rules, users in the child tenants cannot enable or disable the rule states, because there is only one “version” of that rule effectively to the user.

To share a family to child tenants, follow the steps below:

  1. In the root tenant, navigate to the Families page.

  2. Select the compliance family > select Share Family > and click Save.

  3. Click Edit Family and check the Always Enabled checkbox. This ensures that a family is always ran in the child tenant. Refer to Modifying Custom Families -UI for more information.

  4. Click Update Family.

Note

You must be assigned the Admin policy in the root tenant to have the permissions needed to share families to child tenants within your organization. For more information, see RBAC.