CloudGuard Dome9 Help

Remediation of Compliance issues using Dome9 CloudBots


You can configure your Dome9 account to use Dome9 CloudBots to automatically correct compliance issues that are discovered in your cloud accounts by Dome9 compliance checks.

On the Remediation page, you can configure remediation steps for specific rules in your rulesets.

You must deploy Dome9 Cloudbots in the cloud accounts to which remediation steps will be applied. See here for details.

CloudBots

Dome9 CloudBots are small programs or scripts that act on the account or cloud asset to correct missing or misconfigured settings (for example, to close Security Groups that are too open). They are invoked by Dome9 when compliance rules fail.

Dome9 CloudBots work only with rules that are invoked from Continuous Compliance policies (and not manually invoked compliance policies).

Benefits

  • Active protection of your cloud environment
  • CloudBots can help reduce the workload on the enterprise cloud IT team, by performing remedial actions on misconfigured cloud assets and accounts automatically.
  • The response time to remedy a problem is reduced, reducing the window of exposure to risk as a result of the misconfiguration.
  • Since cloudbots work with continuous compliance assessments, your cloud environments are assessed repeatedly, so any changes (as a result of unintentional or unauthorized access to the cloud assets) are detected and corrected almost immediately.
  • CloudBots will reliably apply the same correction to misconfigurations of the same type. That is, correcting an account policy misconfiguration will be the same for all accounts. In addition, a full audit trace can be kept of all actions, so you are aware of changes that are applied.

See Also

CloudBots