Compliance Policies
Note:
Enterprises typically have multiple compliance requirements but struggle to automate them, which leads to downtime and wasted resources. A strong compliance strategy, combined with the ability to automate it quickly, provides peace of mind and avoids business interruption.
Policy Name |
Description |
Checks for instances that are in a disallowed region with the option to terminate them. |
|
Checks for instances that are not running the IT Asset Management Agent. |
|
Verifies whether the provided roles exist in an account. |
|
Checks for EC2 instances that have been stopped for a long time with the option to terminate them after approval. |
|
Verifies whether the provided service control policy is applied across all accounts in an AWS organization. |
|
Finds all taggable AWS resources missing any of the user provided tags with the option to update the tags. |
|
Reports and remediates any ECS clusters that are not currently in use. |
|
Reports when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. |
|
Checks for instances that are in a disallowed region with the option to power off or delete them. |
|
Checks for instances that are not running the IT Asset Management Inventory Agent. |
|
Checks for virtual machines that have been stopped for a long time with the option to terminate them after approval. |
|
Checks for policies applied to Azure Subscriptions. |
|
Provides an overview for the various Regulatory Compliance controls and generates an email with the results. |
|
Lists anyone who has been granted Owner or Contributor access to an Azure subscription. |
|
Scans all resources in an Azure Subscription, raises an incident if any resources are not tagged with the name of their Resource Group, and remediates by tagging the resource. |
|
Finds all taggable Azure resources missing any of the user-provided tags with the option to update the tags. |
|
Checks for Azure virtual machines missing the user-specified tags. An incident is raised containing the untagged virtual machines, and the user has the option to power off, delete, or tag the virtual machines. Note: This policy is specific to virtual machines (Microsoft.Compute/virtualMachines). The Azure Untagged Resources policy is recommended for finding untagged resources that are not virtual machines. |
|
Generates an access report by Billing Center. |
|
Identifies users in Flexera IAM that have explicit user roles assigned. |
|
Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. |
|
Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with the “admin” role. |
|
Gets the repositories and branches under a GitHub.com Organization and creates incidents for any that do not have protection enabled for their default branch. |
|
Gets all the Outside Collaborators (Users that have been granted access to a repository, but are not Members of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each user that is not included in the specified username safelist. |
|
Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the safelisted regex strings. |
|
Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. |
|
Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the safelisted values. |
|
Reports on any Google VM instances that have been stopped for a long time with the option to delete them. |
|
Finds all Google Cloud resources (disks, images, instances, snapshots, buckets, VPN gateways) missing any of the user-provided labels with the option to update the resources with the missing labels. |
|
Looks up active IT Asset Management Licenses expiring within a defined time period and sends the result as an email. |
|
Looks for machines that are ignored but have been inventoried recently and sends the result as an email. |
|
Looks for machines that are active but haven't checked in and sends the result as an email. |
|
Looks up software licenses and reports in an email any licenses that are overused. |
|
Looks for virtual machines that are active but are missing a Host ID. |