Customers and users want to schedule scans on a timetable of their choice and receive alerts when issues arise, and we’re happy to make a few announcements in this area today:
- Scan frequency: Until recently, the IBM Cloud® Security and Compliance Center would scan resources every 24 hours, by default, on all of the attachments in an account. With this release, users can continue to run daily scans—which is the recommended option—but they also have the option for more flexibility. Users can now choose to evaluate their resources weekly, monthly or just on-demand. Additionally, users can create an attachment without enabling a scan as they set up their account and then enable the scan to run at a later date.
- Enhanced notifications: Previously, scan notifications were set at an account level. By default, users were notified if 15% or more of their controls failed in a single scan. While the threshold percentage was customizable, it didn’t always provide the granularity that users were looking for. Now, users can set the threshold for each attachment. Additionally, users can pick up to 15 specific controls to be notified about if they fail. These capabilities are independent, which means that if the threshold percentage isn’t met but a specified control fails, the user is still notified for the control. If the user is in the process of setting up the account, notifications can be disabled and then re-enabled when ready. Together, these options give users the more granular control over notifications that they are looking for.
How do I get started?
Before you get started, be sure that you have the proper permissions and prerequisites to create an attachment and view results in the Security and Compliance Center.
- You must have the Editor platform role or higher to create an attachment. For more information, see Assigning access.
- You must have an IBM Cloud Object Storage bucket in which to store your results. To connect your bucket, you must have a service-to-service policy in place that enables communication between the Security and Compliance Center and Cloud Object Storage. For more information, see Configuring storage.
Step 1: Set up an instance of Event Notifications
To receive notifications for the Security and Compliance Center, you must have configured the IBM Cloud Event Notifications service to send them. To get started, you can use the following steps:
- In the console, click the Menu icon > Security and Compliance.
- In the Security and Compliance Center navigation, click Settings.
- In the Event Notifications section, click Connect.
- In the side panel, review the source details for the connection. Optionally, provide a description.
- Select the resource group and Event Notifications service instance that you want to connect. If an IAM authorization between the Security and Compliance Center and Event Notifications doesn’t exist in your account, a dialog is displayed. Follow the prompts to grant access between the services:
  - To grant access between the Security and Compliance Center and Event Notifications, click Authorize.
  - In the side panel, select Event Notifications as the target service.
  - From the list of instances, select the Event Notifications service instance that you want to authorize.
  - Select the Event Source Manager role.
  - Click Review.
  - Click Assign.
- To confirm the connection, click Connect. A success message is displayed to indicate that the Security and Compliance Center is now connected to Event Notifications. If you need to disconnect from Event Notifications later, you can use the options menu > Disconnect to remove the Security and Compliance Center as a source service in the Event Notifications instance.
Step 2: Configuring a scan
When you set up a scan, you have two options: recurring and on-demand. On-demand scans are useful when you are working toward a specific compliance program and are frequently making changes, while recurring scans help you continuously monitor for compliance.
To start scanning your resources in the Security and Compliance Center, you must create an attachment to target your resources. To create an attachment, you can use the service UI:
- In the Security and Compliance Center navigation, click Profiles and select the profile that you want to evaluate. A profile details page opens.
- On the Attachments tab, click Create:
- Target your attachment by selecting a Scope and identifying any resources that you want to Exclude. Then, click Next.
- Optional: Customize the underlying evaluations in your scan by editing the default parameters to match your specific use case.
- Click Next.
- Toggle scanning to enabled to start scanning.
- Select the frequency at which you want to evaluate your attachment. Options include every day, every 7 days and every 30 days. If needed, you can pause scanning at a later date.
- Optional: Configure notifications:
  - If you want to receive notifications, toggle Notify me to On.
  - By default, when notifications are enabled, you are alerted when 15% or more of your controls fail in a single scan. You can change this by adjusting the Threshold percentage. For example, if you have a profile with 100 controls and you want to be notified if 5 of them fail, you would select 5% as your threshold.
  - Select specific controls that you want to be notified about:
    - If there are high-priority controls that pertain specifically to your job role, you might want to be notified every time they fail. You can identify up to 15 controls per scan that you can receive individual notifications for. These notifications are sent regardless of whether the threshold identified in the previous step has been met.
    - Click Select control.
    - Select the controls that you want to be notified about by checking the box next to the control.
    - Click Ok.
- Review your choices and click Create.
When you create your attachment, a scan is scheduled. When the scan completes, your results are available in the Security and Compliance Center dashboard. To initiate an on-demand scan, you can select Run scan on the overflow menu in the row of the profile that you want to evaluate.
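To see which alerts a given attachment configuration will produce, the following added example (not IBM code and not the Security and Compliance Center API) models the notification rules from Step 2: the per-attachment threshold, the limit of 15 individually selected controls, and the fact that the two triggers fire independently. The class, function and control IDs are hypothetical, and the integer comparison used for "15% or more" is an assumption about how the boundary is evaluated.

```python
from dataclasses import dataclass, field

MAX_WATCHED = 15  # the post allows up to 15 individually selected controls


@dataclass
class NotificationSettings:
    """Hypothetical model of one attachment's notification settings."""
    enabled: bool = True
    threshold_percent: int = 15  # default threshold stated in the post
    watched_controls: frozenset = field(default_factory=frozenset)

    def __post_init__(self):
        self.watched_controls = frozenset(self.watched_controls)
        if not 0 <= self.threshold_percent <= 100:
            raise ValueError("threshold must be a percentage from 0 to 100")
        if len(self.watched_controls) > MAX_WATCHED:
            raise ValueError(f"at most {MAX_WATCHED} controls can be selected")


def notification_reasons(settings, results):
    """Return the reasons a scan would notify; an empty list means no alert.

    `results` maps a control ID to True (passed) or False (failed).
    """
    if not settings.enabled:
        return []
    failed = {cid for cid, passed in results.items() if not passed}
    if not failed:
        return []
    reasons = []
    # "N% or more" as an integer comparison, so the boundary has no float rounding.
    if len(failed) * 100 >= settings.threshold_percent * len(results):
        reasons.append(f"threshold: {len(failed)}/{len(results)} controls failed")
    # Selected controls notify whether or not the threshold was met.
    for cid in sorted(failed & settings.watched_controls):
        reasons.append(f"control: {cid} failed")
    return reasons


# Constructed sample: a 100-control profile in which ctl-001..ctl-004 fail.
SAMPLE_RESULTS = {f"ctl-{i:03d}": i > 4 for i in range(1, 101)}

if __name__ == "__main__":
    per_attachment = NotificationSettings(threshold_percent=5,
                                          watched_controls={"ctl-002"})
    print(notification_reasons(per_attachment, SAMPLE_RESULTS))
```

With 4 of 100 controls failing, a 5% threshold stays silent on its own, but the selected control still produces an alert; this is the case to check when a low failure rate could otherwise hide a high-priority control.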
In order to ensure that we are helping you to deliver on your own mission, we’d like to hear from you with any feedback that you might have. To share your questions, comments, or concerns with us, use the Feedback button that can be found on any page of cloud.ibm.com.
The post Using advanced scan settings in the IBM Cloud Security and Compliance Center appeared first on IBM Blog.