Reports & Dashboards

Note

Other ways to access compliance information:

  • Compliance Report Email – receive a daily or weekly compliance overview of one environment

  • Notifications – get notified of compliance changes in an environment

  • Export Data – download a CSV or Excel file of compliance data for an entire organization

Fugue’s Reports page contains several predefined reports and dashboards that show different aspects of an organization’s compliance state:

Selecting a dashboard or report displays it within the UI with default values set for the filters. You have the following options:

_images/reports-page-1.png

Compliance Posture Dashboard

The Compliance Posture Dashboard allows you to visualize information on rule violations by severity, service, and environment, as well as resource compliance and control evaluations over time.

_images/compliance-posture-dashboard.png
  • Rule Violations (Total)

  • Critical Rule Violations (Total)

  • High Rule Violations (Total)

  • Rule Violations By Severity (Total)

  • Rule Violations By Service (Total)

  • Rule Violations By Environment (Total)

  • Rule Violations Over Time (Total) (does not support drills)

  • Resource Noncompliant Over Time (Percentage) (does not support drills)

  • Control Evaluations By Family (Percentage)

Compliance Posture Dashboard Filters

You can filter by:

  • Cloud provider

  • Environment(s)

  • Data from (time frame)

Current Rule Violations

Current Rule Violations allows you to view details in tabular format on outstanding rule violations and filter by severity, resource type, rule, and more. (Does not support drills.)

_images/current-rule-violations.png

Current Rule Violation Filters

You can filter by:

  • Cloud provider

  • Environment(s)

  • Rule severity level

  • Resource type

  • Provider account ID

  • Compliance family

Current Rule Results

Current Rule Results allows you to view details in tabular format on rule results data, including information on resource tags.

_images/current_rules_report.gif

Current Rule Results Filters

You can filter by:

  • Environments

  • Provider

  • Account ID

  • Rule Name

  • Rule ID

  • Rule Results

  • Severity

  • Resource Type

  • Tag

  • Control

  • Compliance Family

Resources Dashboard

The Resources Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time.

_images/resources-dashboard.png
  • Scanned Resources (Total)

  • Noncompliant Resources (Total)

  • Resource Noncompliance (Percentage)

  • Resource Noncompliance Over Time (Percentage) (does not support drills)

  • Resource Noncompliance by Type (Total and Percentage) (does not support drills)

  • Noncompliant Resources Over Time (Total)

  • Noncompliant Resources with Critical/High Rule Violations (Total)

  • Noncompliant Resources by Environment (Total)

Resources Dashboard Filters

You can filter by:

  • Cloud provider

  • Environment(s)

  • Data from (time frame)

Resources Report

The Resources Report allows you to view details in tabular format regarding resources, their compliance status, and the rule results that impact that status. (Does not support drills.)

_images/resources-report.png

Resources Report Filters

You can filter by:

  • Environment(s)

  • Cloud provider

  • Resource type

  • Provider account ID

  • Resource compliance

  • Compliance family

  • Whether the resource has rule results

Compliance Family Dashboards

CIS AWS (v1.2.0) Dashboard

The CIS AWS (v1.2.0) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for CIS AWS (v1.2.0).

_images/cis-aws-dashboard.png
  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

CIS AWS (v1.2.0) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

CIS Azure (v1.1.0) Dashboard

The CIS Azure (v1.1.0) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for CIS Azure (v1.1.0).

_images/cis-azure-dashboard.png
  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

CIS Azure (v1.1.0) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

SOC 2 (2017) Dashboard

The SOC 2 (2017) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for SOC 2 (v2017).

_images/soc-2-dashboard.png
  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

SOC 2 (2017) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

PCI DSS (v3.2.1) Dashboard

The PCI DSS (v3.2.1) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for PCI DSS (v3.2.1).

_images/pci-dashboard.png
  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

PCI DSS (v3.2.1) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

GDPR (v2016) Dashboard

The GDPR (v2016) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for GDPR (v2016).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

GDPR (v2016) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

HIPAA (v2013) Dashboard

The HIPAA (v2013) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for HIPAA (v2013).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

HIPAA (v2013) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

ISO 27001 (v2013) Dashboard

The ISO 27001 (v2013) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for ISO 27001 (v2013).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

ISO 27001 (v2013) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

NIST (vRev4) Dashboard

The NIST (vRev4) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for NIST 800-53 (vRev4).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

NIST (vRev4) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

CIS AWS (v1.3.0) Dashboard

The CIS AWS (v1.3.0) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for CIS AWS (v1.3.0).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

CIS AWS (v1.3.0) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

CIS Controls (v7.1) Dashboard

The CIS Controls (v7.1) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for CIS Controls (v7.1).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

CIS Controls (v7.1) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

CSA CCM (v3.0.1) Dashboard

The CSA CCM (v3.0.1) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for CSA Cloud Controls Matrix (v3.0.1).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

CSA CCM (v3.0.1) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

CIS Docker (v1.2.0) Dashboard

The CIS Docker (v1.2.0) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for CIS Docker Benchmark (v1.2.0).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

CIS Docker (v1.2.0) Dashboard Filters

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

CIS Google (v1.1.0) Dashboard: Beta

The CIS Google (v1.1.0) Dashboard allows you to visualize information on resource compliance by resource type, severity, and environment over time for CIS Google (v1.1.0).

  • Controls Evaluated (Total)

  • Noncompliant Controls (Total)

  • Control Noncompliance (Percentage)

  • Control Compliance By Category (Percentage)

  • Noncompliant Controls By Environment (Total)

  • Noncompliant Resources By Service (Total)

  • Control Noncompliance Over Time (Percentage)

CIS Google (v1.1.0) Dashboard Filters: Beta

You can filter by:

  • Data from (time frame)

  • Cloud provider

  • Environment(s)

How to Filter a Report or Dashboard

To apply one or more filters to a report, follow the steps below:

1. Select the desired report or dashboard from the Reports page.

2. Select the Filters dropdown:

_images/reports-filters-dropdown.png

3. Next to the category you want to filter by, select a condition from the dropdown menu (“is equal to,” “contains,” etc.):

_images/reports-select-condition.png

4. For Provider, Environment, or Severity filters, click inside the text box to the right of the condition. A dropdown menu will appear. (Note that not all reports have all filters.)

_images/reports-select-property-dropdown.png

5. Select one or more properties from the property dropdown menu. You can start typing, and the field will suggest autocompletions:

_images/reports-select-properties-autocomplete.png

6. For the Data From filter, enter a time frame and a number (e.g., “days” and “30”):

_images/reports-filter-data-from.png

7. Repeat as needed to apply additional filters.

8. Select the Run button:

_images/reports-filter-run.png

How to Create an Alert

To set up an email alert when a metric breaches a specified threshold, follow the steps below:

1. Select the desired report or dashboard from the Reports page.

2. Optionally apply filters to the report. The filters will also be applied to the alert.

3. Hover over the specific report you’d like to be alerted about and select the “Alerts” (bell) icon that appears:

_images/report-alert-icon.png

4. The metric is pre-selected for you (e.g., “Total Rule Results”). Select a condition (“is greater than,” “is less than,” etc.) and enter a threshold. When the threshold is breached, the alert will trigger.

_images/report-alert-configure.png

5. The email delivery method is preselected for you. Enter one or more email addresses in the field below it.

6. Select the desired frequency of the alert.

7. Select Save Alert.

How to Edit or Duplicate an Alert

To edit or duplicate an existing alert, follow the steps below:

1. Select the desired report or dashboard from the Reports page.

2. Hover over a specific report. If alerts exist for the report, the “Alert” (bell) icon shows the number:

_images/report-alert-existing.png

3. Select the “Alert” (bell) icon to see a list of alerts:

_images/report-list-alerts.png

4. Select the three dots (“Alert Options”) icon and select Edit Alert or Duplicate Alert:

_images/report-alert-options.png

5. Make your changes and select Save Alert.

How to Delete an Alert

To delete an existing alert, follow the steps below:

1. Select the desired report or dashboard from the Reports page.

2. Hover over a specific report. If alerts exist for the report, the “Alert” (bell) icon shows the number:

_images/report-alert-existing.png

3. Select the “Alert” (bell) icon to see a list of alerts:

_images/report-list-alerts.png

4. Select the three dots (“Alert Options”) icon and select Delete Alert:

_images/report-alert-options.png

5. Select Yes, delete alert:

_images/report-alert-delete.png

How to Download a Report

You can download a report as a PDF or CSV. You can also drill down into most reports and download the results.

PDF

To download a report as a PDF, follow the steps below:

1. Select the cog icon in the upper-right of the UI:

_images/reports-cog.gif

2. Select Download as PDF…

_images/reports-pdf-prompt.png

3. Optionally specify a filename and expand Advanced Options to select single column format, expand tables, or set paper size.

4. Select Open in Browser to generate and load the PDF in your browser window, or Download to download the PDF.

CSV

To download a report as a CSV, follow the steps below:

1. Select the cog icon in the upper-right of the UI:

_images/reports-cog.gif

2. Select Download as CSVs to download a ZIP containing a CSV file for each report in the dashboard.

How to Send a Report by Email

To send a report by email, follow the steps below:

1. Select the cog icon in the upper-right of the UI:

_images/reports-cog.gif

2. Select Send.

3. Specify the following information:

  • Title

  • Recipient email address(es) – enter address and select Add

  • Custom message (optional; this will appear in the body of the email)

  • Data format: PDF, Visualization (PNG), CSV ZIP file

  • Filters (optional) To send reports for a specific environment, provider, etc., expand the Filters drop-down. The filter options vary based on the selected report. Specify the filter criteria.

  • Advanced options (optional): Select single column layout, expand tables, set paper size

_images/report-send-email-filters.png

4. Select Send.

How to Schedule a Report by Email

To schedule a report by email, follow the steps below:

1. Select the cog icon in the upper-right of the UI:

_images/reports-cog.gif

2. Select Schedule.

3. If there’s already an existing scheduled email, select New. If there are no scheduled emails, a new one is created by default.

_images/report-schedule-new.png

4. Specify the following information:

  • Name of scheduled email

  • Recipient email address(es) – enter address and select Add

  • Custom message (optional; this will appear in the body of the email)

  • Data format: PDF, Visualization (PNG), CSV ZIP file

  • Trigger: Repeating interval is currently the only supported trigger

  • Delivery schedule: Daily, Weekly, Monthly, Hourly, By Minute and what time the email should be delivered

  • Filters (optional) To send reports for a specific environment, provider, etc., expand the Filters drop-down. The filter options vary based on the selected report. Specify the filter criteria.

  • Advanced options (optional): Select single column layout, expand tables, set timezone, set paper size

_images/report-schedule-email-filters.png

5. Optionally, select Send Test. This sends a test email to all of the specified addresses.

6. Select Save All.

How to Edit a Scheduled Email

To edit a scheduled email, follow the steps below:

1. Select the cog icon in the upper-right of the UI.

2. Select Schedule.

3. Select the email name from the Schedules list:

_images/report-schedule-edit.png

4. Make your changes and select Save All.

How to Delete a Scheduled Email

To delete a scheduled email, follow the steps below:

1. Select the cog icon in the upper-right of the UI.

2. Select Schedule.

3. Hover over the scheduled email you’d like to delete and select the X that appears:

_images/report-schedule-delete.png

4. Select Save All.

How to Duplicate a Scheduled Email

To duplicate a scheduled email, follow the steps below:

1. Select the cog icon in the upper-right of the UI.

2. Select Schedule.

3. Hover over the scheduled email you’d like to duplicate and select the Duplicate (copy) icon that appears:

_images/report-schedule-duplicate.png

4. Customize the duplicate and select Save All.

How to Unsubscribe from a Scheduled Email

Users can unsubscribe from scheduled emails by selecting the “unsubscribe” link in the email body.

Sending the Report to an Amazon S3 Bucket Using an IAM Role

Fugue can send and schedule report data to Amazon S3 using a trusted IAM role. This avoids the need to generate long-standing AWS Access Keys; instead, a trusted IAM policy delegates access to your S3 bucket to Fugue, which is a general best practice when dealing with credentials.

Note

Fugue recommends that you create a separate S3 bucket for receiving data deliveries, if possible. See Creating a Bucket.

You can schedule reports to be delivered to an Amazon S3 bucket of your choice using an IAM Role. This is a two-step process.

Create a Sufficiently Permissioned IAM Role

To provide the required parameters, create an S3 bucket and an associated IAM role in the same AWS account. The role grants Fugue permission to upload data when your data send or schedule is executed.

This IAM role should specify the following IAM Policy and Trust Relationship, replacing the following placeholders:

  • bucket-name: Name of the S3 Bucket where files should be uploaded. See Creating a Bucket.

  • optional-s3-path: Optional path where files should be placed. Leave this empty to have them placed in the root of the bucket.

  • aws-kms-key-arn: The ARN of the AWS Key Management Service (KMS) key used to encrypt data within your S3 bucket. Fugue strongly recommends that you use SSE-KMS encryption when creating S3 buckets, with a specific key created for and used only by this bucket. This ensures your S3 buckets are compliant with various Fugue Rules and general S3 best practices. If your target S3 bucket uses an Amazon S3 key (SSE-S3) or no encryption, you may omit the entire “KMS” section of this policy when creating your IAM role.

  • external-id-value: When assuming your Role, Fugue will utilize this External ID value in the same way it does for AWS Environment Role Assumption. You can learn more about External IDs here, but in general, they prevent others from assuming this role and using it for other purposes. Instructions for retrieving your External ID value in Fugue can be found here.

To create a sufficiently permissioned IAM role:

1. Navigate to IAM.

2. In the left navigation, select Roles.

3. Click Create role.

4. In select type of trusted entity, select AWS service > S3 > S3 (Allows S3 to call AWS services on your behalf). Click Next: Permissions.

5. Select Create policy. The Create policy workflow opens in a new tab.

6. In Create policy, select the JSON tab.

7. Enter the following information:

  • Replace #<your-bucket-name>/<optional-s3-path> with your S3 bucket name and optionally, include the path (line 13).

  • Replace #<aws-kms-key-arn> with the ARN of the KMS key used to encrypt objects stored in your S3 bucket. If you did not use SSE-KMS on your S3 bucket, delete this section of the policy (line 28).

  • Replace #<your-bucket-name> with your S3 bucket name (line 33).

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "S3Object",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:AbortMultipartUpload",
                "s3:ListMultipartUploadParts"
            ],
            "Resource": [
                "arn:aws:s3:::<your-bucket-name>/<optional-s3-path>/*"
            ]
        },
        {
            "Sid": "KMS",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:GenerateDataKeyWithoutPlaintext",
                "kms:GenerateDataKeyPairWithoutPlaintext",
                "kms:GenerateDataKeyPair"
            ],
            "Resource": [
                "<aws-kms-key-arn>"
            ]
        },
        {
            "Sid": "S3Bucket",
            "Effect": "Allow",
            "Action": "s3:ListBucketMultipartUploads",
            "Resource": "arn:aws:s3:::<your-bucket-name>"
        }
    ]
}

8. Click Next: Tags. (Optionally) Add tags and click Next: Review.

9. Enter a Name for your policy. (Optionally) Enter a Description for your policy. Click Create policy.

10. Navigate back to the Roles tab and click the refresh icon.

11. In the search field, enter the name of the newly created policy and select it.

12. Click Next: Tags. (Optionally) Add tags and click Next: Review.

13. Enter a role name and click Create role.

14. On the Roles page, search and select your newly created role.

15. Select Trust relationships > Edit trust relationship.

16. In Edit Trust Relationship, enter the following information in the Policy Document section:

  • Replace #<external-id-value> with your external ID. Instructions for retrieving your External ID value in Fugue can be found here (line 12).

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::370134896156:role/ReportIntegrationRole"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "<external-id-value>"
        }
      }
    }
  ]
}

17. Click Update Trust Policy.
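Before pointing a schedule at the role, the two documents can be checked offline against what this page specifies. The script below is an added example, not Fugue's own tooling: the function names, the sample bucket `example-reports` and the external ID `example-external-id` are assumptions, and the sample policies are constructed.

```python
import json

# Values copied from the two policy documents on this page.
FUGUE_PRINCIPAL = "arn:aws:iam::370134896156:role/ReportIntegrationRole"
ALLOWED_ACTIONS = {
    "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
    "s3:ListBucketMultipartUploads", "kms:Decrypt", "kms:Encrypt",
    "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext",
    "kms:GenerateDataKeyPairWithoutPlaintext", "kms:GenerateDataKeyPair",
}


def _listify(value):
    """IAM accepts a single value or a list in most policy fields."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def check_trust_policy(doc, external_id):
    """Return findings for the role's trust policy; [] means it matches the page."""
    findings, trusts_fugue = [], False
    for n, stmt in enumerate(_listify(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        if isinstance(principal, dict):
            principals = [p for v in principal.values() for p in _listify(v)]
        else:
            principals = _listify(principal)  # e.g. "Principal": "*"
        for p in principals:
            if p == FUGUE_PRINCIPAL:
                trusts_fugue = True
            else:
                findings.append(f"trust[{n}]: unexpected principal {p}")
        if _listify(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append(f"trust[{n}]: action is not exactly sts:AssumeRole")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if _listify(cond.get("sts:ExternalId")) != [external_id]:
            findings.append(f"trust[{n}]: sts:ExternalId missing or wrong")
    if not trusts_fugue:
        findings.append("trust: no statement names the Fugue principal")
    return findings


def check_permission_policy(doc, bucket, kms_key_arn=None):
    """Return findings for the permission policy; [] means it stays in scope."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    for n, stmt in enumerate(_listify(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        for action in _listify(stmt.get("Action")):
            if action not in ALLOWED_ACTIONS:
                findings.append(f"perm[{n}]: action {action} is not in the page's policy")
        for res in _listify(stmt.get("Resource")):
            if "<" in res:
                findings.append(f"perm[{n}]: unfilled placeholder {res}")
            elif res.startswith("arn:aws:s3:::"):
                if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                    findings.append(f"perm[{n}]: S3 resource outside bucket: {res}")
            elif res != kms_key_arn:
                findings.append(f"perm[{n}]: resource is neither the bucket nor its KMS key: {res}")
    return findings


# Constructed samples (not real account data). BAD_TRUST keeps a leftover
# statement for the S3 service principal selected in the role wizard (step 4).
GOOD_TRUST = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::370134896156:role/ReportIntegrationRole"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}""")
BAD_TRUST = json.loads(json.dumps(GOOD_TRUST))
BAD_TRUST["Statement"].append({"Effect": "Allow",
    "Principal": {"Service": "s3.amazonaws.com"}, "Action": "sts:AssumeRole"})
SCOPED_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:PutObject"],
     "Resource": ["arn:aws:s3:::example-reports/fugue/*"]},
    {"Effect": "Allow", "Action": "s3:ListBucketMultipartUploads",
     "Resource": "arn:aws:s3:::example-reports"}]}
BROAD_PERMS = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::*"}]}

if __name__ == "__main__":
    for name, result in [
        ("good trust", check_trust_policy(GOOD_TRUST, "example-external-id")),
        ("bad trust", check_trust_policy(BAD_TRUST, "example-external-id")),
        ("scoped perms", check_permission_policy(SCOPED_PERMS, "example-reports")),
        ("broad perms", check_permission_policy(BROAD_PERMS, "example-reports")),
    ]:
        print(name, "->", result or "OK")
```

To check a live role, pass in the JSON returned for it by `aws iam get-role` and `aws iam get-policy-version` in place of the constructed samples.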

Schedule the Report to be Sent to an AWS S3 Bucket

To schedule the report to be sent to an Amazon S3 bucket:

1. Select the cog icon in the upper-right of the UI:

_images/reports-cog.gif

2. Select Schedule.

3. If there’s already an existing scheduled email, select New. If there are no scheduled emails, a new one is created by default.

4. Specify the following information:

  • Name of scheduled email.

  • In where should this data go, select Amazon S3 (IAM).

  • In Amazon S3 (IAM), enter the following information:

    • In Bucket, enter the bucket name. See Creating a Bucket.

    • (Optionally) Enter the path where files should be placed (e.g., folder/sub1/sub2). Leave this empty to have them placed in the root of the bucket.

    • Enter your IAM Role.

    • Select the Region in which your S3 bucket lives.

    • From Send All Results, select Yes or No.

  • In Format data as, select PDF, Visualization (PNG), or CSV ZIP file.

  • In Trigger, select Repeating interval, which is currently the only supported trigger.

  • In Delivery schedule, select Daily, Weekly, Monthly, Hourly, or By Minute and what time the report should be delivered.

  • (Optionally) In Filters, expand the drop-down and select to send reports for a specific environment, provider, etc. The filter options vary based on the selected report. Specify the filter criteria.

  • (Optionally) In Advanced options, expand the drop-down and select single column layout, expand tables, set timezone, set paper size.

5. (Optionally) Click Send Test.

6. Click Save All.

The report sent to your AWS S3 bucket includes the date/time.

Sending the Report to an Amazon S3 Bucket Using Access Key

You can schedule reports to be delivered to an Amazon S3 bucket of your choice using an Access Key.

Note

Reports sent using the Access Key are limited to 5,000 rows of data. As a best practice, Fugue recommends using an IAM Role to send/schedule the reports. Refer to Schedule a report to be sent to an AWS S3 bucket using IAM Role for more information.

To schedule the report to be sent to an Amazon S3 bucket:

1. Select the cog icon in the upper-right of the UI:

_images/reports-cog.gif

2. Select Schedule.

3. If there’s already an existing scheduled email, select New. If there are no scheduled emails, a new one is created by default.

4. Specify the following information:

  • Name of scheduled email

  • In where should this data go, select Amazon S3.

  • In S3 Details, enter the following information:

    • S3 bucket name

    • (Optional) Path within the S3 bucket

    • AWS Access Key ID and Secret Access Key corresponding to an IAM user that has the appropriate permissions. If your AWS S3 Bucket is encrypted using SSE with a customer managed KMS Key, kms:Encrypt and kms:GenerateDataKey are also required. Refer to Creating a Sufficiently Permissioned IAM User for more information.

    • S3 bucket region

  • Data format: PDF, Visualization (PNG), CSV ZIP file

  • Trigger: Repeating interval is currently the only supported trigger

  • Delivery schedule: Daily, Weekly, Monthly, Hourly, By Minute and what time the report should be delivered

  • Filters (optional) To send reports for a specific environment, provider, etc., expand the Filters drop-down. The filter options vary based on the selected report. Specify the filter criteria.

  • Advanced options (optional): Select single column layout, expand tables, set timezone, set paper size

5. Click Save All.

The report sent to your AWS S3 bucket includes the date/time, as shown below.

_images/current-rules-report-aws.png

Creating a Sufficiently Permissioned IAM User

The IAM user will need access to a policy with the following permissions:

  • For AWS S3: s3:PutObject (required for all)

  • If the AWS S3 bucket is using SSE with a customer managed KMS key, then kms:Encrypt and kms:GenerateDataKey are also required

Below is an example IAM policy to provide s3:PutObject permissions:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Action": [
               "s3:PutObject"
           ],
           "Resource": [
               "arn:aws:s3:::YOUR_BUCKET_NAME/OPTIONAL_SUBDIRECTORY/*"
           ],
           "Effect": "Allow",
           "Sid": "S3PutObject"
       }
   ]
}

Below is an example IAM policy to provide KMS permissions:

{
   "Version": "2012-10-17",
   "Statement": {
       "Action": [
           "kms:Encrypt",
           "kms:GenerateDataKey"
       ],
       "Resource": "YOUR_KMS_KEY_ARN",
       "Effect": "Allow"
   }
}

For more information refer to:

How to Drill Down Into a Report

To drill down into a report, select the report/dashboard on the Reports page, then select a chart. Not all charts/reports/dashboards support drills.

Below, we’ve drilled down into the Rule Violations By Severity report in the Compliance Posture Dashboard, selecting only the violations of medium severity:

_images/report-drilldown.gif

You can download the drill data:

_images/report-drill-download.png