Policy Exceptions
Secberus provides the ability to pause violations so that they are excluded from compliance and risk calculations, violation counts, and workflow notifications.
For example, say you have a policy that mandates all S3 buckets be encrypted, but in a few instances there is a good reason to break that rule, like hosting static material that's public. You can mark violations that occur for that bucket as an exception or create a rule to do so automatically.
Violations can be manually marked as an exception, or rules can be created based on resource metadata to automatically mark exceptions.
Managing violation status
To manually change the status of a violation, navigate to a policy where violations are occurring and select the Violations tab. Select a violation, and choose the Mark as exception or Un-mark as exception button in the table header. The violation status will update to reflect this change.
Clicking on a violation row will open the Violation details panel, which includes a Mark as exception or Un-mark as exception button in the panel header.
Creating automatic exception rules
To establish rules in order to automatically mark violations as exceptions, navigate to a policy and select the Details tab. Then initiate the settings menu and select Add exceptions.
Include a Description for the exception, then set the conditions, indicating what type of resource metadata to look for when marking exceptions. Use the + Add criteria button to add additional key:value pairs to the exception. Use the Create button to save the exception rule and associate it with the policy.
The exception rule takes effect the next time the policy is run and the associated resource data is collected. Exception rules can be updated or removed at any time.
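To make the behaviour described above concrete, here is an added example (constructed for this page, not Secberus product code) that models manual marking, automatic exception rules matched against resource metadata, and the effect on violation counts and compliance; it assumes that every key:value criterion in a rule must match (AND semantics) and that a policy's compliance percentage is the share of evaluated resources without an active violation.

```python
from dataclasses import dataclass

@dataclass
class Violation:
    policy: str
    resource_id: str
    metadata: dict            # resource metadata (e.g. tags) that exception rules inspect
    exception: bool = False   # True = paused; excluded from counts and notifications

@dataclass
class ExceptionRule:
    description: str
    criteria: dict            # key:value pairs; assumed all must match (AND semantics)

    def matches(self, metadata: dict) -> bool:
        return all(metadata.get(k) == v for k, v in self.criteria.items())

def set_exception(v: Violation, flag: bool) -> bool:
    """Manual 'Mark as exception' / 'Un-mark as exception'."""
    v.exception = flag
    return v.exception

def apply_exception_rules(violations, rules) -> int:
    """Automatic pass run after policy evaluation; returns the number newly marked."""
    marked = 0
    for v in violations:
        if not v.exception and any(r.matches(v.metadata) for r in rules):
            v.exception = True
            marked += 1
    return marked

def compliance_summary(violations, resources_evaluated: int) -> dict:
    """Exceptions drop out of the violation count and the compliance percentage."""
    active = [v for v in violations if not v.exception]
    return {"violations": len(active),
            "exceptions": len(violations) - len(active),
            "compliance_pct": round(100 * (resources_evaluated - len(active)) / resources_evaluated, 1)}

def sample_violations():
    """Constructed data: three unencrypted buckets flagged by a hypothetical 's3-bucket-encrypted' policy."""
    return [
        Violation("s3-bucket-encrypted", "bucket-a", {"purpose": "static-website", "public": "true"}),
        Violation("s3-bucket-encrypted", "bucket-b", {"purpose": "logs"}),
        Violation("s3-bucket-encrypted", "bucket-c", {"purpose": "static-website", "public": "false"}),
    ]

# Hypothetical rule: public static-site buckets are an accepted exception to the encryption policy.
PUBLIC_SITE_RULE = ExceptionRule("Public static sites need not be encrypted",
                                 {"purpose": "static-website", "public": "true"})
```

Only bucket-a satisfies both criteria, so bucket-c (a private static site) stays an active violation until someone marks it manually.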