Remediation of Compliance issues using Dome9 CloudBots
You can configure your Dome9 account to use Dome9 CloudBots to automatically correct compliance issues that are discovered in your cloud accounts by Dome9 compliance checks.
On the Remediation page, you can configure remediation steps for specific rules in your rulesets.
You must deploy Dome9 CloudBots in the cloud accounts to which remediation steps will be applied. See here for details.
Dome9 CloudBots are small programs or scripts that act on the account or cloud asset to correct missing or misconfigured settings (for example, to close Security Groups that are too open). They are invoked by Dome9 when compliance rules fail.
Dome9 CloudBots work only with rules that are invoked from Continuous Compliance policies (and not manually invoked compliance policies).
- Active protection of your cloud environment
- CloudBots can help reduce the workload on the enterprise cloud IT team, by performing remedial actions on misconfigured cloud assets and accounts automatically.
- The response time to remedy a problem is shorter, which reduces the window of exposure to risk caused by the misconfiguration.
- Since CloudBots work with continuous compliance assessments, your cloud environments are assessed repeatedly, so any changes (as a result of unintentional or unauthorized access to the cloud assets) are detected and corrected almost immediately.
- CloudBots will reliably apply the same correction to misconfigurations of the same type. That is, correcting an account policy misconfiguration will be the same for all accounts. In addition, a full audit trace can be kept of all actions, so you are aware of changes that are applied.
You can add a remediation for a specific rule in a ruleset, or for all rules in a ruleset. You can also limit a remediation to specific cloud accounts or entities (or both).
- Navigate to the Remediation page in the Posture Management menu.
- Click CREATE NEW REMEDIATION, in the upper right.
- Select the rules for which the remediation will apply, from the following options. The options can be combined, and the effective rules on which the remediation will apply will be the combination of all the selected options.
- a Ruleset (mandatory)
- a specific Rule in the ruleset (optional, if missing, all rules are implied)
- a specific Entity, by its entity id (optional, if missing, all entities are implied); this will select all rules involving the selected entities
- a specific Cloud Account, this will apply the remediation to rules in the selected ruleset only when the ruleset is applied to the selected cloud accounts.
- Select the CloudBot from the list. If the CloudBot is not in the list, select Custom, and then add the name of the CloudBot, along with the runtime arguments. The CloudBot must be deployed in the selected cloud account, in the same folder as the other bots.
- Add a comment (optional), and then click Save.
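Before saving a remediation, it helps to check which failed findings would actually invoke the bot. The following is an added example, not Dome9 code or its API: a small Python model of the scoping options above, reading "combination" as every selected option having to match. The class names, field names, the bot name `example_bot` and all sample findings are constructed placeholders.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Finding:
    """A failed compliance rule result (constructed model, not a Dome9 schema)."""
    ruleset: str
    rule: str
    entity_id: str
    cloud_account: str
    continuous: bool  # True when raised by a Continuous Compliance policy

@dataclass(frozen=True)
class Remediation:
    """Scope of one remediation, following the selection options above."""
    ruleset: str                          # mandatory
    cloudbot: str                         # hypothetical bot name
    rule: Optional[str] = None            # None = all rules in the ruleset
    entity_id: Optional[str] = None       # None = all entities
    cloud_account: Optional[str] = None   # None = no account restriction

    def applies_to(self, f: Finding) -> bool:
        # CloudBots are invoked only from Continuous Compliance policies.
        if not f.continuous or f.ruleset != self.ruleset:
            return False
        # Assumption: each selected option must match; omitted ones match all.
        selected = ((self.rule, f.rule), (self.entity_id, f.entity_id),
                    (self.cloud_account, f.cloud_account))
        return all(want is None or want == got for want, got in selected)

def preview(remediation, findings):
    """Return the findings that would invoke the CloudBot."""
    return [f for f in findings if remediation.applies_to(f)]

# Constructed sample findings; every name and id is a placeholder.
FINDINGS = [
    Finding("example-ruleset", "sg-open-to-world", "sg-0001", "acct-prod", True),
    Finding("example-ruleset", "sg-open-to-world", "sg-0002", "acct-dev", True),
    Finding("example-ruleset", "bucket-logging-off", "bkt-0001", "acct-prod", True),
    Finding("example-ruleset", "sg-open-to-world", "sg-0003", "acct-prod", False),
    Finding("other-ruleset", "sg-open-to-world", "sg-0001", "acct-prod", True),
]

if __name__ == "__main__":
    broad = Remediation("example-ruleset", "example_bot")
    narrow = Remediation("example-ruleset", "example_bot",
                         rule="sg-open-to-world", cloud_account="acct-prod")
    for name, r in (("broad", broad), ("narrow", narrow)):
        print(name, [f.entity_id for f in preview(r, FINDINGS)])
```

A remediation with only the ruleset selected matches every continuous finding in that ruleset, so comparing the broad and narrow previews shows how much each optional selection shrinks the set of assets a bot will change.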