
Model: Check

Last updated: 12 January 2020

What are Checks?

When a rule is run against the infrastructure (resources) associated with your AWS account, the result of the scan is referred to as a Check. For example, an EC2 Security Group may have 50 Cloud Conformity Rules (Checks) scanning for various risks / vulnerabilities.

Viewing Checks

To view Checks associated with an account, click Browse all checks on the summary section of the Cloud Conformity Dashboard.

Each Check has the following information associated with it:

  1. Status
    1. Failure - rule has failed for a specific resource
    2. Success - rule has passed for a specific resource
    3. Suppressed - rule has been suppressed and its status will not be included in your compliance score
  2. Failure introduced date
  3. A message describing the issue
  4. Account
  5. Region
  6. A link to the resource

Check Actions

You can take the following actions on a Check:

  1. Resolve the failures
  2. On clicking the expand button against a rule or a resource:
    1. Send rule to
    2. Configure rule
    3. Suppress
    4. Create tickets depending on the communication channels configured

Failure and Success Definition

Every Rule has an implementation associated with it, which determines whether a Check against the Rule succeeds or fails. For example, the “S3 Bucket Public ‘READ’ Access” Rule is applied to all S3 buckets in your AWS account. If any S3 bucket has Public Read enabled, then the Check for that S3 bucket is a failure.

Rules that are informational do not have a status attached to them. Instead, their status is marked as Not Scored.
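
The S3 example above, sketched as an added illustration of how one rule yields one Check per resource; this is not Cloud Conformity's own implementation. The Check fields, function names, sample buckets and the handling of suppression are assumptions; the ACL shape follows the S3 GetBucketAcl response.

```python
# Added example: illustrative only, not Cloud Conformity's implementation.
from dataclasses import dataclass

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
READ_PERMISSIONS = {"READ", "FULL_CONTROL"}  # FULL_CONTROL includes READ

@dataclass
class Check:  # hypothetical record mirroring the fields listed under Viewing Checks
    rule: str
    resource: str
    region: str
    status: str   # "Failure", "Success" or "Suppressed"
    message: str

def grants_public_read(acl):
    """True if any grant gives the AllUsers group READ (or FULL_CONTROL)."""
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if (grantee.get("Type") == "Group" and grantee.get("URI") == ALL_USERS
                and grant.get("Permission") in READ_PERMISSIONS):
            return True
    return False

def run_rule(buckets, suppressed=frozenset()):
    """Produce one Check per bucket; buckets maps name -> (region, acl)."""
    checks = []
    for name, (region, acl) in sorted(buckets.items()):
        public = grants_public_read(acl)
        if name in suppressed:  # assumption: suppression is keyed by bucket name
            status = "Suppressed"
        else:
            status = "Failure" if public else "Success"
        message = (f"Bucket {name} allows public READ access" if public
                   else f"Bucket {name} does not allow public READ access")
        checks.append(Check("S3 Bucket Public 'READ' Access", name, region, status, message))
    return checks

# Constructed sample ACLs (not real buckets).
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "example-owner-id"}, "Permission": "FULL_CONTROL"}
PUBLIC = {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"}
SAMPLE = {
    "app-logs": ("us-east-1", {"Grants": [OWNER]}),
    "public-site": ("eu-west-1", {"Grants": [OWNER, PUBLIC]}),
    "legacy-assets": ("us-west-2", {"Grants": [OWNER, PUBLIC]}),
}

if __name__ == "__main__":
    for c in run_rule(SAMPLE, suppressed={"legacy-assets"}):
        print(f"{c.status:<10} {c.region:<10} {c.resource}: {c.message}")
```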