Continuous Posture

A CloudGuard Continuous Posture is a compliance ruleset, associated with an environment and a notification. CloudGuard continuously assesses the environments in your compliance policies with the selected rulesets and notifies you of rules that failed with the Notification that you select. You can receive findings as email reports, messages to SNS topics, or events sent to HTTP endpoints (webhooks).

CloudGuard does not send notifications for issues already discovered in assessment done before by the same policy. You receive a notification only the first time a rule fails, but not after the next assessments. If the issue is remedied, and the rule passes in the next assessment, a 'pass' notification is sent to SNS and HTTP endpoints, but not to email notifications. In email reports, it does not show in the list of failed rules.

To set up a Continuous Posture:

  1. Navigate to the Continuous Posture page in the CSPM menu. This page shows a list of policy associations.

  2. Click Add Filter to search from the list of policies by platform, OU/environment, ruleset, and notification.

  3. Click Add Policy to add a different policy. Select one of these options:

    • Cloud Platform Policy - CloudGuard automatically selects all onboarded environments on the selected platform. In addition, when you onboard a new environment that belongs to this platform to CloudGuard, this policy automatically applies to all new environments.

    • Environment Policy - Select one or more environments for the policy.

    • Organizational Unit Policy - Select an Organizational Unit, and the policy applies to all existing and newly onboarded environments in this Unit.

  4. For a new Cloud Platform Policy:

    1. Select a cloud platform and click Next.

    2. Select one or more rulesets for the policy, select the ruleset version, and click Next. For Adding a Ruleset, open the Rulesets page of the CSPM menu.

    3. Select notifications for the policy. To add a new notification, click Add Notification. When you add a new notification to the Cloud Platform policy, you can select an Executive Summary report as a scheduled report. For more details on notifications, see How to Configure a Notification.

    4. Click Save.

  5. For a new Environment Policy:

    1. Select a cloud platform and click Next.

    2. Select one or more environments and click Next.

    3. Select one or more rulesets for the policy, select the ruleset version, and click Next. For Adding a Ruleset, open the Rulesets page of the CSPM menu.

    4. Select notifications for the policy. To add a new notification, click Add Notification. For more details on notifications, see How to Configure a Notification.

    5. Click Save.

  6. For a new Organizational Unit Policy:

    1. Select an Organizational Unit and click Next.

    2. Select one or more of the rulesets for the policy, select the ruleset version, and click Next. For Adding a Ruleset, open the Rulesets page of the CSPM menu.

    3. Select notifications for the policy. To add a new notification, click Add Notification. For more details on Notifications, see How to Configure a Notification.

    4. Click Save.

    Note - When you change the ruleset version for existing policies (with the Edit option), it affects the policies that use the ruleset. This can cause closing findings or opening new findings in the assessment results.