Profiles
Last updated: 14 January 2020
Location
Top navigation bar > Profiles
Profiles allow your organization to store and manage rule settings in reusable templates (e.g. rule settings for a specific environment type, security level, or application). You can apply a profile to one or more Cloud Accounts and also apply multiple profiles to an account to achieve the desired outcome for your rule settings.
Content
- Conformity default
- Custom Profile
- How Conformity Bot runs Rules
- Create a Profile
- Configure rules within Profile
- Apply Profile
- Bulk disable rules using Profiles
- Recommended usage of Profiles and rule exceptions maintenance
Refer to Conformity’s Public API for API support on Profiles.
User Access
When you sign up with Conformity, the Conformity Default is available to you as default profile when an organisation is created for you.
Conformity default
Consists of all rules in their default settings and cannot be configured within conformity.
Conformity default
Consists of all rules in their default settings and cannot be configured within conformity.
Downloading the default profile
Click on the Download button to keep this profile as a reference for all default rule settings. Although this profile consists of all the rules, not all of them are configured by default. You will need to configure the un-configured rules before uploading the default profile. Hence we recommend you copy rule settings from the default profile and apply to new or existing profiles.
Viewing the default profile rule settings
Since the Conformity default profile is read-only, you can only view and not configure any rule settings in this profile. However, you can copy individual rule settings in their default state and paste them into a profile if required.
- Click on View rule settings
- Pick a rule and click on View. The View rule settings pop-up window opens with a JSON format of the selected rule setting.
- Click on the Copy to clipboard button and paste it to another profile as required.
Custom Profile
A user created Profile is referred to as a custom profile within Conformity.
How Conformity Bot runs Rules
Conformity Bot runs rules at the Account level first. If the rule/s is not configured at the account level, then it will run checks at the Organisation profile level.
If a rule has not been configured either at an account level or the Organisation profile level, Conformity Bot will run checks at the Conformity default level.
Create a Profile
- Click on Profiles from the top navigation panel.
- Under Custom profiles, click on + Create Profile.
- Select the method of profile creation.
- Create new
- Enter New Profile name and New Profile description.
- Select an account from the Use existing configurations from an account drop-down to copy profile configurations already applied to existing accounts.
- Create new using downloaded Profile
- Click Browse to select a downloaded profile or downloaded account rule settings.
- Enter New Profile name, New Profile description. The Profile rule configurations automatically get copied over from the selected profile.
- Create new
- Use unique profile names for better identification.
- Add instructions for your team regarding profile usage and the accounts to apply to.
Profile management
Once you have created a profile, you can access it from the left-hand navigation. From the Manage Profiles page, you can:
- Edit the profile name and description
- Update rule settings
- Download
- Upload
- Apply the selected profile to your account(s)
- Delete the profile
Deleting a profile cannot be undone. You can download the profile and save it as a backup copy before deleting.
Profile rule configurations
- Click on Update rule settings.
- Filter rules as per your requirements, for example you can filter by Services, Rule ID, Categories, Active rules, Non-active rules, new or updated rules.
- You can configure every rule within a profile as per your requirements.
Resetting Profile rules
- Reset: returns a selected rule within a profile to its default settings.
- Reset all to default: returns all profile rules to their default settings.
Disabled rules are considered as configured rules i.e. you are configuring to disable the rule. Resetting all rules to default will reset your disabled rules as well.
| Rule Icon | Status |
|---|---|
 |
Un-configured rule. Click on Configure to enable and apply rule settings. |
 |
Rule with default settings. Click on Configure to apply rule settings. |
 |
Manually configured rule. Click on Configure to update settings or Reset to default. |
Download Profile
You can download profile settings in JSON format and used the downloaded profile while creating a new profile or managing an existing profile.
Upload Profile
You can upload a downloaded JSON file to replace the selected profile’s configurations i.e. profile name, description, and rule settings.
- Click on Upload.
- Browse to select the downloaded profile or downloaded account’s rule settings.
- Select one of the replacement options:
- Replace settings only
- Replace settings, name and description.
- Click Next.
- Review the warning before clicking on Proceed.
Apply Profile to Account
You can apply a profile to desired account(s) either from the Profile or from Rule Settings within an account.
- Click on Apply to
- Select account(s) from the list or search for it using name, environment, or account tags.
- Select the desired overwrite option: Replace, Merge, use profile, and Merge, use account.
-
Enter Notes and click on **Next.
Include exceptions
Before you click on the Next button, make sure that you review the “Include exceptions” option checked by default. This option allows you to handle your exceptions using Profiles without maintaining them on an account-level.
Keep “Include exceptions” checked if you wish to overwrite the current account exceptions with those in the merged profile. Or you can uncheck to retain existing account exceptions when the profile is merged.
You can use Profiles as a source of truth to manage an account’s settings like exceptions and rule configurations without affecting the basic rule configuration in an account.
- Review the summary
- You can Download the account’s existing rule settings as a backup
- Apply profile, or
- Go Back to the overwrite options.
Replace
This overwrite option allows you to overwrite all existing account settings and replace them with the profile’s settings being applied.
Merge, use profile
This overwrite options allows you to use the new profile settings along with the existing account settings. If there are any conflicts during the merge, the profile settings are applied by default.
Merge, use account
This overwrite options allows you to use the new profile settings with the existing account settings. If there are any conflicts during the merge, the account settings are applied by default.
Bulk disable rules using profiles
You can disable multiple rules in your account at once using the profile feature.
- Download ‘Disable All Rules’ profile by clicking on the link: disable-all-rules-20190905-mina.json.
- Use the downloaded profile to either:
- Create a new profile using a downloaded Profile
or - Modify an existing profile by using the Upload Profile feature
- Create a new profile using a downloaded Profile
- Apply the profile to the relevant account.
Recommended usage of Profiles and rule exceptions maintenance:
The “Include exceptions” feature allows users to handle their exceptions solely using Profiles without maintaining any on an account-level. This is achieved by:
- Creating a new profile and configuring rules with baseline exceptions.
- Applying the profile to the account/s with “Merge, use profile” and the “Include exceptions” box checked for the accounts that should inherit their exception resources and tags from a profile.
- Whenever exceptions require updating, only the profile needs to be modified and can be subsequently applied to the account/s.
Example of Account Management with Profiles
For example, you can create two profiles named “Exceptions” and “Settings” to manage exceptions and rule configurations for an account called “Live Production Account”:
- Exceptions - basic profile with default exceptions
- Settings - with configured rule settings. (“Enabled”, “Risk level” or “Settings” fields) You do not need to update any “exceptions” on this profile as they should be stored in the “Exceptions” profile you created.
- First apply the “Exceptions” profile to the “Live Production Account” using the “Merge, use profile” with the “include exceptions” option checked.
- Then apply the “Settings” profile to the same account using the “Merge, use profile” option with the “include exceptions” option unchecked.
- Whenever you need to update exceptions for the “Live Production Account”, just update the “Exceptions profile” and re-apply both the “Exceptions” and “Settings” profile.
Similarly, update the “Settings” profile to update rule settings for the same account and re-apply the “Settings” profile only.