03-11-2020 11:06 AM - last edited on 09-02-2020 10:59 AM by CHopson
Onboarded our cloud account and had created a recurring compliance report. Some 'default' resource name were included in the report. How can we exclude the 'default' VPCs/resource name?
03-23-2020 06:39 AM
This would need to be handled at the specific policy level. However, I would recommend against it. Fundamentally, the default resources could still be used, and are outside of normal security guardrails. Thus you are introducing a blind spot, by not addressing them.
Our recommendation, is to fully secure the default resources as well, to ensure that in the event a user inadvertently associates a resource with a default resource, you are not exposed, or vulnerable.
03-23-2020 06:39 AM
This would need to be handled at the specific policy level. However, I would recommend against it. Fundamentally, the default resources could still be used, and are outside of normal security guardrails. Thus you are introducing a blind spot, by not addressing them.
Our recommendation, is to fully secure the default resources as well, to ensure that in the event a user inadvertently associates a resource with a default resource, you are not exposed, or vulnerable.
03-23-2020 07:27 AM
Thanks for the response.
Understood. This has to be done on the policy level by modifying the RQL. Makes sense as well to address the alerts on the default VPCs - which we had done.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
