|   Trend Micro Cloud One™
Open menu

Model: Check

Last updated: 12 January 2020

What are Checks?

When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an EC2 Security Group may have 50 Cloud Conformity Rules (Checks) scanning for various risks/vulnerabilities.

Viewing Checks

To view Checks associated with an account, click Browse all checks on the summary section of the Cloud Conformity Dashboard.

Each Check has the following information associated with it:

  1. Status
    1. Failure - rule has failed for a specific resource
    2. Success - rule has passed for a specific resource
    3. Suppressed - rule has been suppressed and its status will not be included in your compliance score
  2. Failure introduced date
  3. A message describing the issue
  4. Account
  5. Region
  6. A link to the resource

Check Actions

You can take the following actions on a Check:

  1. Resolve the failures
  2. On clicking the expand button against a rule or a resource:
    1. Send rule to
    2. Configure rule
    3. Suppress
    4. Create tickets depending on the communication channels configured

Failure and Success Definition

Every Rule has an implementation associated with it, which will then determine if a Check against the Rule is successful or not. For example, if you have an S3 bucket with public read permissions enabled, the “S3 Bucket Public ‘READ’ Access”’ Rule will be applied towards all S3 buckets in your AWS account. If any S3 bucket has Public Read enabled, then the Check for that S3 bucket is a failure.

Not Scored Checks

Some rules are documented by Conformity but cannot be tested against your cloud infrastructure due to not being applicable to cloud infrastructure or limitations of the data provided by the cloud provider. Rules that are only informational are identified as Not Scored.

Conformity may not be able to test the Rule completely, we do provide you with some high-level information that can be beneficial, e.g. Check whether ‘Alternate contacts for your AWS Accounts’ have been set up. You can pass on the information to your team via a communication channel and keep them informed as well.

You can neither ‘Resolve’ or ‘Suppress’ these Rules as they do not affect your compliance score.

To view a list of all Not Scored Rules in your account:

  1. Browse All Checks report.
  2. Enter “not scored” in the Filter by resource id, rule title or message.
  3. Click Generate Report.