diff --git a/docs/cloud-native-security/cspm-benchmark-rules.asciidoc b/docs/cloud-native-security/cspm-benchmark-rules.asciidoc index 466e070e14..6bcebcf5b8 100644 --- a/docs/cloud-native-security/cspm-benchmark-rules.asciidoc +++ b/docs/cloud-native-security/cspm-benchmark-rules.asciidoc @@ -1,8 +1,13 @@ [[cspm-benchmark-rules]] -= Benchmark rules -The Benchmark Integrations page lets you view the cloud security posture (CSP) benchmark rules for the <> (CSPM) and <> (KSPM) integrations. += Benchmarks +The Benchmarks page lets you view the cloud security posture (CSP) benchmark rules for the <> (CSPM) and <> (KSPM) integrations. -Benchmark rules are used by these integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks]. +[role="screenshot"] +image::images/benchmark-rules.png[Benchmarks page] + +[discrete] +== What are benchmark rules? +Benchmark rules are used by the CSPM and KSPM integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks]. Each benchmark rule checks to see if a specific type of resource is configured according to a CIS Benchmark. The names of rules describe what they check, for example: 
@@ -11,21 +16,21 @@ Each benchmark rule checks to see if a specific type of resource is configured a * `Ensure IAM policies that allow full "*:*" administrative privileges are not attached` * `Ensure the default namespace is not in use` +When benchmark rules are evaluated, the resulting <> data appears on the <>. -When benchmark rules are evaluated, the resulting <> data appears on the <>. +NOTE: Benchmark rules are not editable. -To find the Benchmark Integrations page, go to **Rules -> Benchmark rules**. From there, you can view the benchmark rules associated with an existing integration by clicking the integration name. +[discrete] +== Review your benchmarks -[role="screenshot"] -image::images/benchmark-rules.png[Benchmark rules page] +To access your active benchmarks, go to **Rules -> Benchmarks**. From there, you can click a benchmark's name to view the benchmark rules associated with it. You can click a benchmark rule's name to see details including information about how to remediate it, and related links. -You can then click on a benchmark rule's name to see details, including information about how to remediate failures and related links. +Benchmark rules are enabled by default, but you can disable some of them — at the benchmark level — to suit your environment. This means for example that if you have two integrations using the `CIS AWS` benchmark, disabling a rule for that benchmark affects both integrations. To enable or disable a rule, use the **Enabled** toggle on the right of the rules table. -NOTE: Benchmark rules are not editable. +NOTE: Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them. [discrete] == How benchmark rules work - . When a security posture management integration is deployed, and every four hours after that, {agent} fetches relevant cloud resources. -. 
After resources are fetched, they are evaluated against all applicable benchmark rules. +. After resources are fetched, they are evaluated against all applicable enabled benchmark rules. . Finding values of `pass` or `fail` indicate whether the standards defined by benchmark rules were met. diff --git a/docs/cloud-native-security/images/benchmark-rules.png b/docs/cloud-native-security/images/benchmark-rules.png index a05804e2bf..107ba0ca1e 100644 Binary files a/docs/cloud-native-security/images/benchmark-rules.png and b/docs/cloud-native-security/images/benchmark-rules.png differ diff --git a/docs/cloud-native-security/kspm-benchmark-rules.asciidoc b/docs/cloud-native-security/kspm-benchmark-rules.asciidoc index 2a41478692..c8b44f6759 100644 --- a/docs/cloud-native-security/kspm-benchmark-rules.asciidoc +++ b/docs/cloud-native-security/kspm-benchmark-rules.asciidoc 
@@ -1,8 +1,13 @@ [[benchmark-rules]] -= Benchmark rules -The Benchmark Integrations page lets you view the cloud security posture (CSP) benchmark rules for the <> (CSPM) and <> (KSPM) integrations. += Benchmarks +The Benchmarks page lets you view the cloud security posture (CSP) benchmark rules for the <> (CSPM) and <> (KSPM) integrations. -Benchmark rules are used by these integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks]. +[role="screenshot"] +image::images/benchmark-rules.png[Benchmarks page] + +[discrete] +== What are benchmark rules? +Benchmark rules are used by the CSPM and KSPM integrations to identify configuration risks in your cloud infrastructure. Benchmark rules are based on the Center for Internet Security's (CIS) https://www.cisecurity.org/cis-benchmarks/[secure configuration benchmarks]. Each benchmark rule checks to see if a specific type of resource is configured according to a CIS Benchmark. The names of rules describe what they check, for example: 
@@ -11,21 +16,21 @@ Each benchmark rule checks to see if a specific type of resource is configured a * `Ensure IAM policies that allow full "*:*" administrative privileges are not attached` * `Ensure the default namespace is not in use` +When benchmark rules are evaluated, the resulting <> data appears on the <>. -When benchmark rules are evaluated, the resulting <> data appears on the <>. +NOTE: Benchmark rules are not editable. -To find the Benchmark Integrations page, go to **Rules -> Benchmark rules**. From there, you can view the benchmark rules associated with an existing integration by clicking the integration name. +[discrete] +== Review your benchmarks -[role="screenshot"] -image::images/benchmark-rules.png[Benchmark rules page] +To access your active benchmarks, go to **Rules -> Benchmarks**. From there, you can click a benchmark's name to view the benchmark rules associated with it. You can click a benchmark rule's name to see details including information about how to remediate it, and related links. -You can then click on a benchmark rule's name to see details, including information about how to remediate failures and related links. +Benchmark rules are enabled by default, but you can disable some of them — at the benchmark level — to suit your environment. This means for example that if you have two integrations using the `CIS AWS` benchmark, disabling a rule for that benchmark affects both integrations. To enable or disable a rule, use the **Enabled** toggle on the right of the rules table. -NOTE: Benchmark rules are not editable. +NOTE: Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them. [discrete] == How benchmark rules work - . When a security posture management integration is deployed, and every four hours after that, {agent} fetches relevant cloud resources. -. 
After resources are fetched, they are evaluated against all applicable benchmark rules. +. After resources are fetched, they are evaluated against all applicable enabled benchmark rules. . Finding values of `pass` or `fail` indicate whether the standards defined by benchmark rules were met. diff --git a/docs/getting-started/security-ui.asciidoc b/docs/getting-started/security-ui.asciidoc index ffd6f6d1a2..745533b094 100644 --- a/docs/getting-started/security-ui.asciidoc +++ b/docs/getting-started/security-ui.asciidoc @@ -92,7 +92,7 @@ Expand this section to access the following pages: [role="screenshot"] image::images/all-rules.png[Rules page] + -* <>: View, enable, or disable benchmark rules. +* <>: View, set up, or configure cloud security benchmarks. + [role="screenshot"] image::images/benchmark-rules.png[Benchmark Integrations page]
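Review bot: in the first hunk of docs/cloud-native-security/cspm-benchmark-rules.asciidoc (`@@ -1,8 +1,13 @@`), the new "What are benchmark rules?" section and the screenshot are inserted before the example list that begins the next hunk, but the screenshot's alt text is now `Benchmarks page` while the same image is still captioned `Benchmark Integrations page` in docs/getting-started/security-ui.asciidoc; pick one name for the page (the title line `= Benchmarks` suggests "Benchmarks page") and use it in every `image::images/benchmark-rules.png[...]` reference in this patch.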
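Review bot: in the second hunk of docs/cloud-native-security/cspm-benchmark-rules.asciidoc (`@@ -11,21 +16,21 @@`), the new `NOTE: Disabling a benchmark rule automatically disables any associated detection rules and alerts. Re-enabling a benchmark rule **does not** automatically re-enable them.` describes a silent loss of detection coverage but does not say where the reader goes to restore it; add a sentence pointing to where the associated detection rules are re-enabled (the page the previous hunk lists as `Rules`), and name what "them" refers to so the second sentence cannot be read as referring only to alerts. Two smaller points in the same hunk: `information about how to remediate it` replaced the old `how to remediate failures`, which was more precise (a rule is not remediated, a failing finding is), and the `— at the benchmark level —` em-dashes plus the removed blank line after `== How benchmark rules work` depart from the file's existing style (compare the blank line kept after `== Review your benchmarks`). Suggested wording for the rule-level sentence: `You can click a benchmark rule's name to see details, including information about how to remediate failures and related links.`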
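Review bot: in the first hunk of docs/cloud-native-security/kspm-benchmark-rules.asciidoc (`@@ -1,8 +1,13 @@`), the added content is a verbatim copy of the cspm-benchmark-rules.asciidoc hunk, differing only in the anchor (`[[benchmark-rules]]` here versus `[[cspm-benchmark-rules]]` there); both files now publish a page titled `= Benchmarks` with identical body text, which will drift the next time one is edited. Consider keeping the text once and pulling it into the second file with an `include::` directive, or collapsing the two pages into one. The review points raised on the second cspm hunk (where the reader re-enables detection rules after a benchmark rule is disabled, `remediate it` versus `remediate failures`, em-dashes, the removed blank line after `== How benchmark rules work`) apply to the second hunk of this file (`@@ -11,21 +16,21 @@`) unchanged.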
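Review bot: in the docs/getting-started/security-ui.asciidoc hunk (`@@ -92,7 +92,7 @@`), the new bullet `View, set up, or configure cloud security benchmarks.` overstates what the rest of this patch documents: the Benchmarks page text added in the other files covers viewing active benchmarks and their rules and toggling rules with the **Enabled** control, not setting up benchmarks (the integrations are deployed elsewhere). Suggest `View cloud security benchmarks and enable or disable their rules.` The unchanged context line `image::images/benchmark-rules.png[Benchmark Integrations page]` also still carries the old page name and should be updated to match the renamed page in the same change.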