Compliances Offered in Cloudlytics
- CIS AWS Foundation Checklist.
- GDPR readiness Checklist for AWS.
- MAS (Monetary Authority of Singapore) Scan.
- AWS Security Compliance Check.
- The Payment Card Industry Data Security Standard (PCI DSS) Compliance.
- Health Insurance Portability and Accountability Act (HIPAA) Compliance.
- ISO 27001.
- The National Institute of Standards and Technology (NIST) 800 53 Rev 4.
- AWS Security Group Health Check.
- S3 Bucket Health Check.
- BETA SOC2 Compliance.
- AWS Well Architected Review (WAR).
Recently Added compliances
- Azure Cis
- Health Insurance Portability and Accountability Act (HIPAA) Compliance for Azure.
- The National Institute of Standards and Technology (NIST) 800 53 Rev 4 for Azure.
- ISO 27001 for Azure.
- Azure PCI DSS
- Azure GDPR
Additionally customers can also create and configure their own custom compliance at root and admin level.
End-to-End Compliance Monitoring
Cloudlytics makes it easy for you to identify, prioritize, and remediate compliance risks with insights that drive action. It also ensures end-to-end compliance monitoring by running a scheduled scan on a daily, weekly, or customized time-span basis with reports directly sent through emails.
Report Dashboard
Get a detailed view of your compliance issues that are tracked, compiled and monitored in a graphical format. All the previous reports are stored in the dashboard for your convenience.
Rule Suppression
Our solution enables temporary suppression of a rule, in case you have to skip the known reason for a rule failure.
Downloadable Report from Console
The reports on the dashboard – current and old – can be downloaded with just a click away.
Compare Reports
Cloudlytics is an all-inclusive compliance assurance and threat protection solution. Get reports on the compliance posture of your cloud and compare it with previous reports to take necessary actions moving forward.
Steps to configure Compliance in Cloudlytics
- Login to Cloudlytics
- Select Compliance Monitoring from the menu and click on Configurations.
- Existing scan configurations configured for your account are listed on the screen.
- Now to add a new compliance configuration, click on Add Configuration button on the top right of the window as shown below.
- Enter the following fields for the new scan to be configured:
- Name: Name the scan to be configured
- Platform: AWS/Azure
- Scan type: Select scan type to be configured from the list
- Credentials: Select credentials for which scan
- Notification Endpoint: Select endpoint to which the scan report needs to be sent/Create a new Notification endpoint by clicking on ‘+’ button
- Scan Frequency Type: Select scan frequency from the options given. Using the custom option, the report can be generated for the number of days entered.
- Click on the Next button.
- Scan rules are displayed for the specific services for which the new scan needs to be configured.
- If the CloudWatch is displayed in the red color as shown in the screenshot below, click on it and fill the fields Namespace and Metric Name from the table below:
| Rule verbose | Namespace | Metric Name |
| Ensure a log metric filter and alarm exist for unauthorized API calls | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.01 Unauthorized API Calls |
| Ensure a log metric filter and alarm exist for Management Console sign-in without MFA | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.02 Management Console Sign-in Without MFA |
| Ensure a log metric filter and alarm exist for usage of root account | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.03 Usage of root Account |
| Ensure a log metric filter and alarm exist for IAM policy changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.04 IAM Policy Changes |
| Ensure a log metric filter and alarm exist for CloudTrail configuration changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.05 CloudTrail Config Changes |
| Ensure a log metric filter and alarm exist for AWS Management Console authentication failures | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.06 AWS Management Console Authentication Failures |
| Ensure a log metric filter and alarm exist for disabling or scheduled deletion of customer created CMKs | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.07 Disabling or Scheduled Deletion of Customer Created CMKs |
| Ensure a log metric filter and alarm exist for S3 bucket policy changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.08 S3 Bucket Policy Changes |
| Ensure a log metric filter and alarm exist for AWS Config configuration changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.09 AWS Config Configuration Changes |
| Ensure a log metric filter and alarm exist for security group changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.10 Security Group Changes |
| Ensure a log metric filter and alarm exist for changes to Network Access Control Lists (NACL) | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.11 Changes to Network Access Control Lists NACL |
| Ensure a log metric filter and alarm exist for changes to network gateways | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.12 Changes to Network Gateways |
| Ensure a log metric filter and alarm exist for route table changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.13 Route Table Changes |
| Ensure a log metric filter and alarm exist for VPC changes | CIS-3-MONITORING | CIS Benchmark v.1.1 – 3.14 VPC Changes |
Ensure that these Namespace and Metric Name are same in aws account as well.
- Once all rules are entered, click on the Save button.
- You will get the popup with the message ‘Compliance has been configured successfully. Do you want to attach it to any group?’
- You can continue or skip this step.
- Now you can see the compliance has been configured and the scan has been started for the same. The scanning status gets changed to ‘in the queue’ for that scan.
- The scan report will be generated once the scan gets completed and the generated report will be sent to the notification endpoint configured for your scan.
You can also create a customized scan type, where you can include the specific set of controls as per your requirements.
Steps to create customized compliance in Cloudlytics
- Select Compliance Monitoring from the menu and click on Customize.
- Choose your platform.
- Click on the +Add Compliance button on the top right of the screen.
- Enter the following fields as shown below for the new scan type to be configured:
- Scan Type:Name the scan type to be created
- Platform:Aws/Azure
- Check the box Set Default Logo or you can give url of logo your logo.
- Select the Section and the Service for which you want the new scan type to be created.
- As shown below, you can add the rule by clicking on the green ‘+’ icon.
- Now you can see the rules added for the selected service.
- You can also remove the added rule by clicking on Remove rule.
- Click the ‘Next’ button on the top right of the screen.
- Now you see the controls to be added to the new scan type to be configured.
- Click Save button
- The popup is displayed with the message ‘Compliance created successfully.’
If you want your compliance to be configured for the newly created scan type, you just need to follow the steps from the section ‘Steps to configure a Compliance in Cloudlytics’ mentioned above and select the newly created scan type from the options for the field ‘Scan type.’
