A CloudGuard Dome9 continuous compliance policy associates a compliance ruleset with a cloud account and a notification policy. Dome9 continuously assesses the accounts in your compliance policies against the rulesets you have selected, and uses the notification policy you have selected to notify you of rules that failed. You can receive findings as email reports, messages to SNS topics, or as events sent to HTTP endpoints (webhooks).
Dome9 does not send notifications for issues already discovered in a previous assessment by the same policy. You therefore receive a notification only the first time a rule fails, and not after subsequent assessments. If the issue is remedied and the rule passes in a subsequent assessment, a 'pass' notification is sent to SNS and HTTP endpoints, but not by email (in email reports the rule will not be in the list of failed rules).
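The following sketch is an added example, not Dome9 code or its payload format. It models the behaviour described above for consecutive assessments of one policy and shows the state a webhook or SNS consumer has to keep to know which rules are currently failing. Channel names, rule ids and the event tuple layout are hypothetical, and it assumes that a rule failing again after a 'pass' is treated as a new issue.

```python
# Added illustration; channel names, rule ids and tuple layout are hypothetical.
STATEFUL_CHANNELS = ("sns", "webhook")        # receive 'fail' and 'pass'
ALL_CHANNELS = ("email",) + STATEFUL_CHANNELS


def notifications_for(assessments):
    """One {rule_id: passed} dict per run in; {channel: [(run, rule, status)]} out."""
    reported = set()                          # failures already notified
    sent = {ch: [] for ch in ALL_CHANNELS}
    for run, results in enumerate(assessments):
        for rule_id, passed in sorted(results.items()):
            if not passed and rule_id not in reported:
                # First failure of this rule: every channel is notified.
                reported.add(rule_id)
                for ch in ALL_CHANNELS:
                    sent[ch].append((run, rule_id, "fail"))
            elif passed and rule_id in reported:
                # Remediated: 'pass' goes to SNS and HTTP endpoints only.
                # Assumption: a later re-failure counts as a new issue.
                reported.discard(rule_id)
                for ch in STATEFUL_CHANNELS:
                    sent[ch].append((run, rule_id, "pass"))
            # Repeated failure, or a pass with no prior failure: nothing sent.
    return sent


def open_findings(events):
    """Rebuild the currently failing rules from one channel's events; a
    consumer has to keep this state because failures are not repeated."""
    current = set()
    for _run, rule_id, status in events:
        if status == "fail":
            current.add(rule_id)
        else:
            current.discard(rule_id)
    return current


# Constructed sample: three consecutive assessments of one policy.
SAMPLE_RUNS = [
    {"rule-a": False, "rule-b": True},
    {"rule-a": False, "rule-b": False},   # rule-a repeats, rule-b is new
    {"rule-a": True, "rule-b": False},    # rule-a remediated
]

if __name__ == "__main__":
    sent = notifications_for(SAMPLE_RUNS)
    for channel, events in sent.items():
        print(channel, events)
    print("open (webhook):", sorted(open_findings(sent["webhook"])))
```

Because a repeated failure produces no new event, a consumer that drops the first 'fail' message will not see that finding again until its status changes, so delivery failures on the endpoint are worth monitoring.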
Navigate to the Compliance Policies option, in the Posture Management menu. This shows a list of compliance associations, organized by Cloud Account.
You can show the policies grouped by cloud accounts or by rulesets.
Use the filter pane on the left to filter the list of policies according to cloud provider, account, ruleset, and Notification Policy.
Click ADD POLICY to add another compliance policy.
- Select the cloud platform (AWS, Azure, or GCP), then click NEXT.
- Select the accounts (more than one can be selected), then click NEXT.
- Select the compliance rulesets for the policy (more than one can be selected), and then click NEXT. You can add more rulesets in the Rulesets option of the Posture Management menu.
- Select the Notification Policies for the association. To add a new Notification Policy, press ADD NOTIFICATION (and see Set up a Notification Policy for more details).
- Click SAVE.