Compliance Policies

Note: Click the link in the Policy Name column to access the corresponding policy template.

Enterprises typically have multiple compliance requirements but struggle to automate them, which leads to downtime as well as resource waste. Having a strong compliance strategy together with the ability to quickly automate it provides peace of mind and avoids business interruption.

Policy Name

Description

AWS Disallowed Regions 

Checks for instances that are in a disallowed region with the option to terminate them.

AWS EC2 Instances not running FlexNet Inventory Agent 

Checks for instances that are not running the IT Asset Management Agent.

AWS IAM Role Audit 

Verifies whether the provided roles exist in an account.

AWS Long-stopped Instances 

Checks for instances that have been stopped for a long time with the option to terminate them after approval.

AWS Service Control Policy Audit 

Verifies whether the provided service control policy is applied across all accounts in an AWS organization.

AWS Untagged Resources 

Finds all AWS resources missing any of the user-provided tags with the option to update the resources with the missing tags.

AWS Unused ECS Clusters 

Reports and remediates any ECS clusters that are not currently in use.

Azure AHUB Utilization with Manual Entry 

Reports when AHUB usage in Azure falls outside or inside the number of licenses specified by the user.

Azure Disallowed Regions 

Checks for instances that are in a disallowed region with the option to terminate them.

Azure Instances not running IT Asset Management Inventory Agent 

Checks for instances that are not running the IT Asset Management Inventory Agent.

Azure Long Stopped Instances 

Checks for instances that have been stopped for a long time with the option to terminate them after approval.

Azure Policy Audit 

Checks for policies applied to Azure Subscriptions.

Azure Regulatory Compliance 

Provides an overview of the various Regulatory Compliance controls and generates an email with the results.

Azure Subscription Access 

Lists anyone who has been granted Owner or Contributor access to an Azure subscription.

Azure Tag Resources with Resource Group Name 

Scans all resources in an Azure Subscription, raises an incident if any resources are not tagged with the name of their Resource Group, and remediates by tagging the resource.

Azure Untagged Resources 

Finds all Azure resources missing any of the user-provided tags with the option to update the resources with the missing tags.

Billing Center Access Report 

Generates an access report by Billing Center.

Disallowed Cloud Images 

Checks for any running instances that are using disallowed cloud images with the option to terminate them after approval.

GitHub.com Available Seats Report 

Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range.

GitHub.com Repositories without Admin Team 

Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with the “admin” role.

GitHub.com Repository Branches without Protection 

Gets the repositories and branches under a GitHub.com Organization and creates incidents for any that do not have protection enabled.

GitHub.com Unpermitted Outside Collaborators 

Gets all the Outside Collaborators (users who have been granted access to a repository but are not members of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each one that is not included in the specified username safelist.

GitHub.com Unpermitted Repository Names 

Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the safelisted regex strings.

GitHub.com Unpermitted Sized Repositories 

Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created more than a specified number of days ago and are smaller than a specified size.

GitHub.com Unpermitted Top-Level Teams 

Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the safelisted values.

Google Long-stopped instances 

Reports on any Google instances that have been stopped for a long time with the option to terminate them.

Google Unlabeled Resources 

Finds all Google Cloud resources (disks, images, instances, snapshots, buckets, VPN gateways) missing any of the user-provided labels with the option to update the resources with the missing labels.

IT Asset Management Licenses At Risk 

Looks up IT Asset Management Licenses “At Risk,” and sends the result as an email.

IT Asset Management Low Available Licenses 

Looks up IT Asset Management Licenses, finds all those with an available count less than the user-provided percentage, and sends the result as an email.

Policy Update Notification 

Identifies the current version of the applied policy and that of the respective policy in the catalog and creates an incident with the date of the policy update.

Unapproved Instance Types 

Checks for instances that are using instance types that are not in the specified list and stops them after approval.

Untagged Resources 

Checks resources for missing tags and reports on them.