McAfee MVISION Cloud

Create a Security Configuration Audit Policy

Create a Policy from a Policy Template 

To use pre-configured Configuration Audit Policy Templates, use the following steps:

  1. Go to Policy > Policy Templates.
  2. Filter for Policy Type > Security Configuration.
  3. Filter for Service Applicable to and select your service. Then select the policies you want to import into your instance.
  4. Click Create Policy.
  5. The new policies display on the Policy > Configuration Audit page.
  6. Edit the policies as needed for your implementation.

Create a Policy using the Policy Builder

Use the Configuration Audit Policy Builder to create custom Security Configuration Audit policies to meet your organization's requirements. It supports policies for AWS, Azure, and GCP and provides compliance against industry standards such as CIS, PCI, HIPAA, and NIST 800-53. 

The Policy Builder supports conditions as exceptions to the policy. It also allows you to test the policy and see sample results before you save it.

For information on policy builder syntax, errors, supported resource types, operators, and value types, see Security Configuration Audit Policy Syntax.

To create a Security Configuration Audit Policy:

  1. Go to Policy > Configuration Audit.
  2. Click Actions > Create Policy.
  3. The policy builder wizard opens. On the Description page, configure the following fields:
    • Name. Enter a unique name for the policy.
    • Description. Enter an optional description for the policy.
    • Services. Select the service you want the policy to apply to.
  4. Click Next.
  5. Select one or more Resource Types.
  6. IF. Add Policy Rules based on your requirements. Click + to add more rules and choose AND/OR to combine them.
    • Attribute values are auto-populated wherever applicable. If the value you want is not in the auto-populated list, you can still add it manually: type it in the search bar and press Enter.
  7. THEN. Select a Severity: High, Medium, Low, Warning, or Info.
  8. ADD AN EXCEPTION. Add optional exceptions if you do not want to apply the rules to some accounts, or if you want to skip policy evaluation for a specific resource instance based on some conditions. Click + to add more.
  9. Click Test Rule. This tests your policy and reports the total number of resources that violate it. It also returns a maximum of 50 records as a sample result.
  10. Click Next.
  11. Responses. Add a Response Action to your policy.
  12. Click Next.
  13. Review your policy and click Save. By default, the policy is made active.

NOTE: Support for creating compliance policies against new services or resource types added by the cloud vendors can be added dynamically by MVISION Cloud within 2 weeks. This allows you to create custom policies for your organization's requirements.

Sample Policies

For information on policy builder syntax, supported resource types, operators, and value types, see Security Configuration Audit Policy Syntax.

List EC2 Instances with Unrestricted TCP Access


Publicly accessible S3 Buckets


Find Inactive IAM Users


Storage Accounts with Unrestricted Access to Azure Activity Logs


EC2 Instances with More Than 10 Security Groups Attached


CloudTrail Trails not Integrated with CloudWatch Logs


CloudTrail Logging Disabled for the Account


Security Group Should not Allow Inbound Traffic

No target tags set or target in a production environment. 
