CIEM Policies, Exclusions, and Remediation

Policies

To receive notifications about CIEM events, you must create a policy. You define a CIEM policy the same way as other CloudGuard policies. For more information, see Configuring CloudGuard Policies.

A CIEM policy only sends notifications for CIEM findings that already exist in the system; it does not generate new findings.

Start to configure the policy from CIEM > Policies > Add Policy > Environment Policy.

You can select these types of notifications in your CIEM policy:

For more information about the options, see How to Configure a Notification.

Exclusions

You define CIEM exclusions the same way as other CloudGuard exclusions. For more information, see Configuring CloudGuard Exclusions.

Start to configure the exclusion from CIEM > Exclusions > Create New Exclusion.

CIEM exclusions always apply to the preselected Entitlement Management ruleset. An exclusion is based on these parameters:

  • Environment or Organization unit
  • Date range
  • Entity
  • Account number
  • Alert severity

To create an exclusion from a finding, see Creating Exclusion for Finding.

To create an exclusion from scratch, see Creating an Exclusion.

Remediation

You define CIEM remediations the same way as other Posture Management remediations. For more information, see Automatic Remediation with CloudBots.

Start to configure the remediation from CIEM > Remediation > Create New Remediation.

The CIEM remediation always applies to the preselected Entitlement Management ruleset.

To create a remediation, see Adding Remediation.

The applied CloudBot is iam_entity_create_and_attach_permission_boundary. It creates a permissions boundary policy from the finding and attaches it to the IAM entity, as described in Option B. The default policy name is CIEMSuggestion, but you can enter another permission boundary (policy) name.
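To make clear what attaching such a boundary actually changes, here is an added example (not CloudGuard or CloudBots code, and not the CloudBot's generated document) that models IAM evaluation with a permissions boundary: the entity's identity policy is left untouched, and the boundary caps the effective permissions to the actions it lists. The policy documents, the observed-action list and the helper names (`evaluate`, `is_allowed`, `boundary_from_observed_actions`, `effective_actions`) are constructed for this illustration; `NotAction`/`NotResource`, conditions and resource-based policies are deliberately not modelled.

```python
"""Simplified model of an IAM permissions boundary (added example, not product code).

A boundary never grants anything: a request succeeds only if the identity policy
allows it AND the boundary allows it, and an explicit Deny in either wins.
"""
import fnmatch

# Constructed sample: an over-permissive identity policy as a CIEM finding might report.
ADMIN_IDENTITY_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Constructed sample boundary (assumed shape; the real CloudBot's document is not on the page):
# allow only what the entity has actually been observed using.
CIEM_SUGGESTION_BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject", "s3:ListBucket"], "Resource": "*"},
        {"Effect": "Allow", "Action": "logs:*", "Resource": "*"},
    ],
}


def _as_list(value):
    """IAM lets Action/Resource be a string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _matches(pattern, value):
    """IAM-style wildcard match; action names are compared case-insensitively."""
    return fnmatch.fnmatchcase(value.lower(), pattern.lower())


def evaluate(policy, action, resource):
    """Evaluate one policy document for (action, resource).

    Returns "deny" (explicit), "allow", or "implicit_deny" (no statement matched).
    An explicit Deny always beats an Allow, as in IAM.
    """
    verdict = "implicit_deny"
    for stmt in policy.get("Statement", []):
        if "NotAction" in stmt or "NotResource" in stmt or "Condition" in stmt:
            raise ValueError("NotAction/NotResource/Condition are not modelled here")
        action_hit = any(_matches(p, action) for p in _as_list(stmt.get("Action", [])))
        resource_hit = any(_matches(p, resource) for p in _as_list(stmt.get("Resource", [])))
        if not (action_hit and resource_hit):
            continue
        if stmt.get("Effect") == "Deny":
            return "deny"
        if stmt.get("Effect") == "Allow":
            verdict = "allow"
    return verdict


def is_allowed(action, resource, identity_policy, boundary=None):
    """Effective decision for an entity with an optional permissions boundary."""
    if evaluate(identity_policy, action, resource) != "allow":
        return False
    if boundary is not None and evaluate(boundary, action, resource) != "allow":
        return False
    return True


def boundary_from_observed_actions(actions):
    """Build a boundary document that allows only the observed actions.

    This is an assumption about how a 'suggestion' boundary is shaped,
    used to illustrate the idea; it is not the CloudBot's own output.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": sorted(set(actions)), "Resource": "*"}],
    }


def effective_actions(candidates, identity_policy, boundary=None, resource="*"):
    """Which of the candidate actions the entity can still perform."""
    return sorted(a for a in candidates if is_allowed(a, resource, identity_policy, boundary))


if __name__ == "__main__":
    probes = ["s3:GetObject", "iam:CreateUser", "logs:PutLogEvents", "ec2:RunInstances"]
    print("without boundary:", effective_actions(probes, ADMIN_IDENTITY_POLICY))
    print("with CIEMSuggestion:", effective_actions(probes, ADMIN_IDENTITY_POLICY, CIEM_SUGGESTION_BOUNDARY))
```

The point worth checking before relying on this remediation in production: the boundary only caps, so an entity whose identity policy never granted an action does not gain it from the boundary, and an action the entity legitimately needs but that was not observed during the CIEM analysis window will be blocked once the boundary is attached.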