Open menu

Profiles

Last updated: 14 January 2020

Location

Top navigation bar > Profiles

Profiles allow your organization to store and manage rule settings in reusable templates (e.g. rule settings for a specific environment type, security level, or application). You can apply a profile to one or more Cloud Accounts and also apply multiple profiles to an account to achieve the desired outcome for your rule settings.

Content

Refer to Cloud Conformity’s Public API for API support on Profiles.

User Access

Trend Micro Cloud One™ – Conformity default Profile

When you signup for Conformity, the default profile is created along with your organisation. This profile consists of all rules in their default settings which is updated with new rules and updates regularly. Every profile that you create is a default profile until configured manually.

Downloading the default profile

Click on the Download button to keep this profile as a reference for all default rule settings. Although this profile consists of all the rules, not all of them are configured by default. You will need to configure the un-configured rules before uploading the default profile. Hence we recommend you copy rule settings from the default profile and apply to new or existing profiles.

Viewing the default profile rule settings

Since the Conformity default profile is read-only, you can only view and not configure any rule settings in this profile. However, you can copy individual rule settings in their default state and paste them into a profile if required.

  1. Click on View rule settings
  2. Pick a rule and click on View. The View rule settings pop-up window opens with a JSON format of the selected rule setting.
  3. Click on the Copy to clipboard button and paste it to another profile as required.

Custom Profile

A user created Profile is referred to as a custom profile within Conformity.

Create a Profile

  1. Click on Profiles from the top navigation panel.
  2. Under Custom profiles, click on + Create Profile.
  3. Select the method of profile creation.
    • Create new
      1. Enter New Profile name and New Profile description.
      2. Select an account from the Use existing configurations from an account drop-down to copy profile configurations already applied to existing accounts.
    • Create new using downloaded Profile
      1. Click Browse to select a downloaded profile or downloaded account rule settings.
      2. Enter New Profile name, New Profile description. The Profile rule configurations automatically get copied over from the selected profile.

  • Use unique profile names for better identification.
  • Add instructions for your team regarding profile usage and the accounts to apply to.

Profile management

Once you have created a profile, you can access it from the left-hand navigation. From the Manage Profiles page, you can:

Deleting a profile cannot be undone. You can download the profile and save it as a backup copy before deleting.

Profile rule configurations

  1. Click on Update rule settings.
  2. Filter rules as per your requirements, for example you can filter by Services, Rule ID, Categories, Active rules, Non-active rules, new or updated rules.
  3. You can configure every rule within a profile as per your requirements.

Resetting Profile rules

  • Reset: returns a selected rule within a profile to its default settings.
  • Reset all to default: returns all profile rules to their default settings.

Disabled rules are considered as configured rules i.e. you are configuring to disable the rule. Resetting all rules to default will reset your disabled rules as well.

Rule Icon Status
Un-configured rule. Click on Configure to enable and apply rule settings.
Rule with default settings. Click on Configure to apply rule settings.
Manually configured rule. Click on Configure to update settings or Reset to default.

Download Profile

You can download profile settings in JSON format and used the downloaded profile while creating a new profile or managing an existing profile.

Upload Profile

You can upload a downloaded JSON file to replace the selected profile’s configurations i.e. profile name, description, and rule settings.

  1. Click on Upload.
  2. Browse to select the downloaded profile or downloaded account’s rule settings.
  3. Select one of the replacement options:
    1. Replace settings only
    2. Replace settings, name and description.
  4. Click Next.
  5. Review the warning before clicking on Proceed.

Apply Profile to Account

You can apply a profile to desired account(s) either from the Profile or from Rule Settings within an account.

  1. Click on Apply to
  2. Select account(s) from the list or search for it using name, environment, or account tags.
  3. Select the desired overwrite option: Replace, Merge, use profile, and Merge, use account.
  4. Enter Notes and click on **Next.

    Include exceptions

    Before you click on the Next button, make sure that you review the “Include exceptions” option checked by default. This option allows you to handle your exceptions using Profiles without maintaining them on an account-level.

    Keep “Include exceptions” checked if you wish to overwrite the current account exceptions with those in the merged profile. Or you can uncheck to retain existing account exceptions when the profile is merged.

    You can use Profiles as a source of truth to manage an account’s settings like exceptions and rule configurations without affecting the basic rule configuration in an account.

  5. Review the summary
    1. You can Download the account’s existing rule settings as a backup
    2. Apply profile, or
    3. Go Back to the overwrite options.

Replace

This overwrite option allows you to overwrite all existing account settings and replace them with the profile’s settings being applied.

Merge, use profile

This overwrite options allows you to use the new profile settings along with the existing account settings. If there are any conflicts during the merge, the profile settings are applied by default.

Merge, use account

This overwrite options allows you to use the new profile settings with the existing account settings. If there are any conflicts during the merge, the account settings are applied by default.

Bulk disable rules using profiles

You can disable multiple rules in your account at once using the profile feature.

  1. Download ‘Disable All Rules’ profile by clicking on the link: disable-all-rules-20190905-mina.json.
  2. Use the downloaded profile to either:
    1. Create a new profile using a downloaded Profile
      or
    2. Modify an existing profile by using the Upload Profile feature
  3. Apply the profile to the relevant account.

The “Include exceptions” feature allows users to handle their exceptions solely using Profiles without maintaining any on an account-level. This is achieved by:

  1. Creating a new profile and configuring rules with baseline exceptions.
  2. Applying the profile to the account/s with “Merge, use profile” and the “Include exceptions” box checked for the accounts that should inherit their exception resources and tags from a profile.
  3. Whenever exceptions require updating, only the profile needs to be modified and can be subsequently applied to the account/s.

Example of Account Management with Profiles

For example, you can create two profiles named “Exceptions” and “Settings” to manage exceptions and rule configurations for an account called “Live Production Account”:

  • Exceptions - basic profile with default exceptions
  • Settings - with configured rule settings. (“Enabled”, “Risk level” or “Settings” fields) You do not need to update any “exceptions” on this profile as they should be stored in the “Exceptions” profile you created.
  1. First apply the “Exceptions” profile to the “Live Production Account” using the “Merge, use profile” with the “include exceptions” option checked.
  2. Then apply the “Settings” profile to the same account using the “Merge, use profile” option with the “include exceptions” option unchecked.
  3. Whenever you need to update exceptions for the “Live Production Account”, just update the “Exceptions profile” and re-apply both the “Exceptions” and “Settings” profile.

Similarly, update the “Settings” profile to update rule settings for the same account and re-apply the “Settings” profile only.