For a primer on rules, controls, and how they relate, see Compliance Concepts.
Fugue’s Rules page is accessible from the Rules link in the upper-right corner of the UI. It displays all Fugue rules and custom rules for an organization. You can search, filter, and sort the list.
From the Rules page, you can:
Create, edit, or delete a custom rule
Enable or disable a Fugue rule or custom rule
Create or edit a custom family
Select a rule to view more information (paid plans only):
Link to remediation steps
Affected resource type(s)
Rule type (Fugue or Custom)
Who last updated (custom rules only) or enabled/disabled a rule (all rules)
Associated compliance controls
Use the Enter key to search by a keyword. You can enter multiple queries by using Tab after each one.
The Rules search also supports key:value syntax for the following search terms:
Rule status; disabled, enabled (all rules), invalid (custom rules only)
Rule type; fugue (out-of-the-box) or custom
Provider; aws, govcloud, azure (for Azure and Azure Government), google, or repository
Rule source: Custom or Fugue
For example, you can search by the following terms:
severity:critical shows only rules with a severity level of Critical.
category:custom shows only custom rules.
status:invalid provider:aws shows only AWS rules that are invalid. (Enter Tab between the terms.)
You can search by multiple comma-separated terms per parameter (e.g., severity:critical,high).
severity:critical,high shows rules with a severity level of Critical or High.
resource_type:iam,vpc shows rules with resource types of IAM or VPC.
category:user and role management, access control policies shows only rules that have the rule category of user and role management or access control policies.
category:user and role management, access control policies
user and role management
access control policies
family:Production Rule Family shows rules associated with the Production Rule Family.
family:Production Rule Family
You can sort the rules by name and severity. Default is in decreasing order of severity (starting with Critical).
The active sorted column shows a single arrow. Select the arrow to reverse the direction:
The inactive sortable column shows a double arrow. Select the double arrow to make it active:
If you have more than 10 rules, you’ll see a drop-down menu below the table of rules. You can choose to show 10, 20, 50, or 100 rows per page:
You can filter on the Rules page by selecting the filter icon, as highlighted below.
This opens the filter panel. You can filter by:
Type (e.g., Fugue or Custom)
Status (e.g., Disabled, Enabled, or Invalid)
Once filters and/or search terms are applied, you can share them via URL.
Enabling and Disabling Rules