About CSPM Security Configuration Audit
Skyhigh CASB Configuration Audit allows your policy team to discover and monitor the configuration of your Infrastructure as a Service (IaaS) cloud services, such as AWS, Azure, and GCP. In addition to generating reports for audits, these features minimize risks associated with security misconfigurations and reduce the time to achieve compliance.
Supported services include:
- Amazon Web Services (AWS)
- Microsoft Azure
- Azure Container Registry (ACR)
- Google Cloud Platform (GCP)
- Google Container Registry (GCR)
Config Audit policies are grouped into the following categories:
- Unrestricted Access
- Identity and Access Management
- Network Security
- Encryption
- Logging
- Monitoring
- Certificate And Key Management
- Backup and Recovery
- Infrastructure Management
- Application Security
- Others. All custom policies.
For SaaS, or Microsoft Office 365, see Security Configuration Audit for Saas.
Enable Security Configuration Audit
Enable Security Configuration Audit in Settings > Service Management when you create your service instance and select the features.
When you create your service instance, you can configure notifications to be sent based on different Configuration Audit incident severities as per your organization's requirements. This allows you to avoid being inundated with minor severity incidents alerts. For details, see Enable Configuration Audit Notifications.
Security Configuration Audit Page
The Policy > Configuration Audit page provides a high-level view of the configuration policies that are currently active or inactive in your organization's Skyhigh CASB account. You can use the page to enable or disable policies and can filter, group or search policies to gain insights into areas where your organization should improve their security IAAS footing.
The Security Configuration Audit page provides the following information and actions:
- Filters. Select options on the Filters tab to scope down your search.
- Groups. Displays the policy groups you have created. You can edit and delete the policy groups you have created.
- Search. Search via the Omnibar.
- Actions. Click Actions to:
- Create Policy
- Activate Policies
- Deactivate Policies
- Delete Polices
- Export to Template
- Policy Groups. Allows you to aggregate and save the required policies into specific groups. Policy Groups are supported only for IaaS services (AWS, GCP, and Azure).
- Policy Name. The name of the Configuration Audit policy.
- Status. The status of the Configuration Audit policy, including Active or Inactive.
- Service Name. The name of the cloud service provider the policy applies to.
- Policy Category. The category of the Configuration Audit policy.
- Last Updated. The date the policy was last updated.
- Updated By. The user who last updated the policy.
- Actions.
Security Configuration Audit Cloud Card
Click a policy to access the Cloud Card with policy details.
The Configuration Audit Cloud Card provides the following information and actions:
- Policy Name. The name of the Configuration Audit policy.
- Policy Description. The optional description of the Configuration Audit policy.
- Policy Type. The type of policy.
- Policy Status. The status of the Configuration Audit policy, including Active or Inactive.
- Edit this policy
- Schedule. The frequency the policy is scheduled to run.
- Permissions. The permissions required for this policy to run.