Assessment History

You can see a list of run assessments, with summary details for each assessment. Go to Posture Management > Assessment History. You can filter the view by environment, rulesets, triggering event, and time, to show specific assessments of interest.

For each assessment, the list shows:

  • Date - Date the assessment run

  • Environment - Name of assessed environment

  • Result - Test score

  • Number of failed rules (critical and high severity) - How many rules with critical and high severity levels failed

  • Number of failed and excluded tests - How many tests failed or were not included.

  • Triggered by - Event that triggered the assessment. The source can be:

    • Manual - For assessments run from the Rulesets page

    • Policy - For assessments made in Continuous Posture

    • System - For assessments defined on the CloudGuard dashboard, run hourly

  • Assessment Profile - Applied ruleset

  • Assessment Identifier - By default, the environment name

Executive Summary Report allows you to see the status of your environments and assets based on the results of the last assessment. This report is for a specific ruleset and its assessment results in multiple environments on one cloud platform. It shows the environments with the highest number of severity findings. In addition, it shows the distribution of assets that passed or failed the test score, and the number of failed tests sorted by the rule severity.

To create the executive summary report:

  1. Navigate to CSPM > Assessment History to show the list of assessments.

  2. On the top right, click Export > Executive Summary Report.

  3. In the window that opens, select a ruleset that is necessary for your report. Use the filter, search bar, or vendor grouping to find the applicable ruleset.

  4. Click Export. CloudGuard creates the report in HTML format for the selected ruleset and all environments assessed with it. From the browser, print or save the page to PDF.

  5. Click Back on your browser window to go back to CloudGuard.

To send the executive summary report by email:

  1. Navigate to CSPM > Assessment History to show the list of assessments.

  2. On the top right, click Export > Executive Summary Report to Email.

  3. In the window that opens, select a ruleset that is necessary for your report. Use the filter, search bar, or vendor grouping to find the applicable ruleset.

  4. In the E-mail field, enter one or more emails separated by a comma.

  5. Click Export. CloudGuard sends a message with the link to the report in CSV format to the supplied email addresses.

To send the scheduled executive summary report in a Cloud Platform policy:

  1. Create a new Cloud Platform policy.

  2. Select the platform and the rulesets.

  3. Add a new Notification. With only this type of policy, the Notification allows you to send the scheduled executive summary report to the selected email targets.

  4. Select Scheduled report and, from the list, select Executive summary report. Configure the remaining parameters as usual - see How to Configure a Notification.

  5. Click Save to save the notification.

  6. Click Save to save the policy.

  1. Navigate to CSPM > Assessment History.

  2. On the top bar, set a filter or select a time frame. The time selector allows you to set the period back from the current time (4 h, 24 h, 7 d) or start and end dates for a custom time range. CloudGuard shows the assessments that align with your criteria.

  3. Select an assessment to see its details.

Results for assessments show the percentage of passed tests from the total number of tests run. A test is the application of a policy rule on a cloud entity. For example, applying a rule on an ES2 instance or S3 bucket is a test. The same rule applied to many entities results in many tests, each with its result.

  1. Navigate to CSPM > Assessment History and select an assessment from the list.

  2. The assessment results show all the failed rules in the assigned policy.

You can create an exclusion directly from the assessment based on the assessment details. This procedure is faster because CloudGuard enters some fields automatically.

  1. Navigate to CSPM > Assessment History.

  2. Use the Filter bar to search for the assessment that can be a basis for your new exclusion.

  3. Click the assessment to see its details.

  4. Select a rule and click Expand to show more details.

  5. Below Findings, filter the entities by ID, name, environment, region, or network to select an entity whose finding is necessary to exclude.

  6. Opposite the entity, click the Exclude finding icon () in the Actions column on the right.

    The Create New Exclusion window opens, where most applicable fields are entered automatically.

  7. Edit the fields as necessary based on the steps in Configuring CloudGuard Exclusions.

  8. Enter a comment for the exclusion.

  9. Click Save.

You can create remediation directly from the assessment based on the assessment details. This procedure is faster because CloudGuard enters some fields automatically.

  1. Navigate to CSPM > Assessment History.

  2. Use the Filter bar to search for the assessment that can be a basis for your new exclusion.

  3. Click the assessment to see its details.

  4. Select a rule and click Expand to show more details.

  5. Below Findings, filter the entities by ID, name, environment, region, or network to select an entity whose finding is necessary to remediate.

  6. Opposite the entity, click the Configure remediation icon () in the Actions column on the right.

    The Create New Remediation window opens, where most applicable fields are entered automatically.

  7. Edit the fields as necessary based on the steps in Adding Remediation.

  8. Enter a comment for the remediation.

  9. Click Save.

Tested Entities Report allows you to see a specific assessment’s status in detail. The report includes the results of passed and failed entities.

To create the Tested Entities Report:

  1. Navigate to CSPM > Assessment History to show the list of assessments.

  2. In the window that opens, drill down in the assessment that is necessary for your report. Use the filter, search bar, or vendor grouping to find the assessment.

  3. Click the Export down arrow and select Tested Entities Report. CloudGuard creates the report in .CSV format for the selected assessment.

  4. To go back to the Assessment History page, click the back arrow on your browser or close the Assessment tab.

To export a list of passed entities to.CSV:

  1. Navigate to CSPM > Assessment History to show the list of assessments.

  2. In the window that opens, drill down in the assessment that is necessary for your report. Use the filter, search bar, or vendor grouping to find the assessment.

  3. Click the Export down arrow and select Export to CSV - Passed entities. CloudGuard creates the report in .CSV format for the selected assessment.

  4. To go back to the Assessment History page, click the back arrow on your browse or close the Assessment tab.

To export a list of failed entities to .CSV:

  1. Navigate to CSPM > Assessment History to show the list of assessments.

  2. In the window that opens, drill down in the assessment that is necessary for your report. Use the filter, search bar, or vendor grouping to find the assessment.

  3. Click the report Export down arrow and select Export to CSV - Failed entities. CloudGuard creates the report in .CSV format for the selected assessment.

  4. To go back to the Assessment History page, click the back arrow on your browser or close the Assessment tab.