Compliance Policies
Note: Click the link in the Policy Name column to access the corresponding policy template.
Enterprises typically have multiple compliance requirements but struggle to automate them, which leads to downtime as well as resource waste. Having a strong compliance strategy along with the ability to quickly automate it provides peace of mind and avoids business interruption.
Policy Name |
Description |
Checks for instances that are in a disallowed region with the option to terminate them. |
|
Checks for instances that are not running the IT Asset Management Agent. |
|
Verifies whether the provided roles exist in an account. |
|
Checks for EC2 instances that have been stopped for a long time with the option to terminate them after approval. |
|
Verifies whether the provided service control policy is applied across all accounts in an AWS organization. |
|
Finds all taggable AWS resources missing any of the user provided tags with the option to update the tags. |
|
Reports and remediates any ECS clusters that are not currently in use. |
|
Reports when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. |
|
Checks for instances that are in a disallowed region with the option to power off or delete them. |
|
Checks for instances that are not running the IT Asset Management Inventory Agent. |
|
Checks for virtual machines that have been stopped for a long time with the option to terminate them after approval. |
|
Checks for policies applied to Azure Subscriptions. |
|
Provides an overview for the various Regulatory Compliance controls and generates an email with the results. |
|
Lists anyone who has been granted Owner or Contributor access to an Azure subscription. |
|
Scans all resources in an Azure Subscription, raises an incident if any resources are not tagged with the name of their Resource Group, and remediates by tagging the resource. |
|
Finds all taggable Azure resources missing any of the user-provided tags with the option to update the tags. |
|
Checks for Azure virtual machines missing the user-specified tags. An incident is raised containing the untagged virtual machines, and the user has the option to power off, delete, or tag the virtual machines. Note: This policy is specific to virtual machines (Microsoft.Compute/virtualMachines). The Azure Untagged Resources policy is recommended for finding untagged resources that are not virtual machines. |
|
Generates an access report by Billing Center. |
|
Identifies users in Flexera IAM that have explicit user roles assigned. |
|
Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. |
|
Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with the “admin” role. |
|
Gets the repositories and branches under a GitHub.com Organization and creates incidents for any that do not have protection enabled for their default branch. |
|
Gets all the Outside Collaborators (Users that have been granted access to a repository, but are not Members of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each user that is not included in the specified username safelist. |
|
Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the safelisted regex strings. |
|
Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. |
|
Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the safelisted values. |
|
Reports on any Google VM instances that have been stopped for a long time with the option to delete them. |
|
Finds all Google Cloud resources (disks, images, instances, snapshots, buckets, VPN gateways) missing any of the user-provided labels with the option to update the resources with the missing labels. |
|
Looks up active IT Asset Management Licenses expiring within a defined time period and sends the result as an email. |
|
Looks for machines that are ignored but have been inventoried recently and sends the result as an email. |
|
Looks for machines that are active but haven't checked in and sends the result as an email. |
|
Looks up software licenses and reports in an email any licenses that are overused. |
|
Looks for virtual machines that are active but are missing a Host ID. |