Automatic Remediation with CloudBots

CloudBots automatically correct compliance issues discovered in your cloud environments by CloudGuard compliance checks. You can configure your CloudGuard account to use CloudGuard CloudBots.

You can configure remediation steps in different contexts of the CloudGuard portal.

You must deploy CloudGuard CloudBots in the cloud environments to apply remediation steps.


CloudGuard CloudBots are small programs or scripts in Python that operate on the account or cloud asset to correct missing or misconfigured settings. For example, they can close Security Groups that are widely open. CloudGuard invokes CloudBots when compliance rules fail.

CloudBots work with rules invoked from Continuous Posture, Intelligence, and CIEM policies.

For some rules, CloudGuard recommends you use one of the preconfigured CloudBots or create your CloudBot if there is a rule violation. For other rules, you can use only your custom CloudBots.

CloudBots provide:

  • Reduction of risks related to misconfigurations in your cloud environment, to comply with the compliance industry standards.

  • Reduced workload on the enterprise cloud IT team by performing remedial actions on misconfigured cloud assets and environments automatically.

  • Reduced response time to remedy a problem to decrease the window of exposure to risk because of the misconfiguration.

  • As CloudBots work with continuous posture assessments, your cloud environments are repeatedly assessed, so any changes (because of accidental or not approved access to the cloud assets) are detected and corrected almost immediately.

  • Reliable application of the same correction to misconfigurations of the same type. Correcting an environment policy misconfiguration is the same for all environments. In addition, a full audit trace can be kept of all actions, so you know about the applied changes.

The CloudGuard portal provides multiple options to configure remediation:

  • Go to CSPM > Remediation and click Create New Remediation. For more information, see Adding Remediation

  • Go to CSPM > Rulesets, select a ruleset, select a rule, and click Add CloudBot below Automated Remediation.

  • Go to CSPM > Assessment History and select an assessment result. In one of the failed rules, click Expand to see the list of findings and click Configure remediation () for a failed entity. For more information, see Creating Remediations

  • Go to CIEM > Remediation and click Create New Remediation. For more information, see Remediation

  • Go to CDR > Threat Monitoring > Remediation and click Create New Remediation. For more information, see Remediation

  • Go to Events > Posture Findings or Threat & Security Events, select an event, and click Fix it. For more information, see Applying a CloudBot immediately (Fix it)

Onboarding CloudBots

To apply remediation steps, you must onboard CloudGuard CloudBots in the cloud environments. For manual deployment of the CloudBots, see

For deployment through the CloudGuard portal, see below.

To onboard CloudBots through CloudGuard:

  1. In CloudGuard, open the Environments page from the Assets menu.

  2. Select an environment to be protected with CloudBots.

  3. In the CloudBots column, click Enable CloudBots to start the remediation onboarding wizard.

    As an alternative, you can click and open the environment page. From the top menu, select Add CloudBots.

  4. Follow the on-screen instructions to complete the wizard.


More Links

Posture Findings and Security Events

Assessment History