Policy Groups allow you to aggregate and save the required policies into specific groups. Use a Policy Group to create and run a custom config audit on-demand scan for a specific set of policies instead of running scans for all policies. This feature is supported only for IaaS services (AWS, GCP, and Azure).
On the Security Configuration Audit page, you can create new policy groups or use the Skyhigh CASB recommended policy groups. These groups are used later to run config audit on-demand scans for the selected group.
You can also edit or delete a Policy Group. For details, see Edit or Delete Configuration Audit Policy Group.
Create Policy Groups
To create Policy Groups:
- Log in to Skyhigh CASB.
- Go to Policy > Configuration Audit.
- In the Omnibar, select the required filters or enter search terms. Predictive search suggests possible search terms before you finish your query.
- Select the required policies from the table.
- Click Actions > Policy Groups > Create Group.
- Enter the Policy Group Name and click Save.
- Your new Policy Group is saved immediately on the Groups tab > My Groups.
The Groups tab provides the following information:
- My Groups. Displays the list of custom Policy Groups created by users. To create custom Policy Groups, see Create Policy Groups.
- Skyhigh Recommended. Displays the list of default policy groups provided by Skyhigh CASB. These groups include all Critical policies in AWS, Azure, and GCP, and container policies. You can select all policies or the required policies from a recommended group and run a config audit on-demand scan against that policy group. Skyhigh Recommended Policy Groups are:
- AWS Critical Policies. All policies that are Critical in AWS config audit.
- Azure Critical Policies. All policies that are Critical in Azure config audit.
- GCP Critical Policies. All policies that are Critical in GCP config audit.
- AWS Critical Policies and Container Policies. All policies that are Critical in AWS config audit and container policies.
- Azure Critical Policies and Container Policies. All policies that are Critical in Azure config audit and container policies.
- GCP Critical Policies and Container Policies. All policies that are Critical in GCP config audit and container policies.
- Skyhigh Recommended policy groups cannot be edited or deleted.
- If you want to modify a Skyhigh Recommended policy group, you can select all or the required policies in the group and save them as a new policy group.