ERM Rulesets

The Rulesets page shows, for each platform, the CSPM findings that are considered misconfigurations for risk calculation. By default, CloudGuard uses all CSPM findings as misconfigurations when it calculates the risk score of your protected assets. To focus on selected security tasks, you can limit the findings to a specific ruleset of your interest. To do this, replace the default rulesets with one designated ruleset for each cloud platform (AWS, Microsoft Azure, GCP).

CloudGuard takes CSPM exclusions into account, which means that it does not use excluded findings for the risk score calculation. For more details on exclusions, see Configuring CloudGuard Exclusions.

Note - Make sure all your important environments are part of a policy that includes the selected ruleset. Otherwise, ERM does not take their findings as misconfigurations for the risk score calculation and does not show misconfigurations. You can still see other information, such as CVEs and business priority.

To replace a ruleset:

  1. In the CloudGuard menu, navigate to Risk Management > Rulesets.

  2. Select your platform and click Replace Ruleset on the platform card. The list of applicable rulesets opens.

  3. Select a ruleset. You can filter the rulesets by management type - CloudGuard-managed or user-managed.

  4. Optionally, select the option to automatically create a policy for the ruleset if no other policy uses it. This option is not available for the default option, where all posture findings are considered in the risk score calculation.

  5. Click Save.

Best Practice - Check Point recommends that you add new environments to one of the existing policies with the selected ruleset. The policy must have a notification with Alerts Console enabled. If no such policy exists, you can use the option to automatically create a policy when you replace the default ruleset.