Compliance Policies
Note: Click the link in the Policy Name column to access the corresponding policy template.
Enterprises typically have multiple compliance requirements but struggle to automate them, which leads to downtime as well as resource waste. Having a strong compliance strategy, along with the ability to quickly automate it, provides peace of mind and avoids business interruption.
| Policy Name | Description |
|---|---|
| AWS Disallowed Regions | Checks for instances that are in a disallowed region with the option to terminate them. |
| AWS EC2 Instances not running FlexNet Inventory Agent | Checks for instances that are not running the IT Asset Management Agent. |
| AWS IAM Role Audit | Verifies whether the provided roles exist in an account. |
| AWS Long-Stopped EC2 Instances | Checks for EC2 instances that have been stopped for a long time with the option to terminate them after approval. |
| AWS Service Control Policy Audit | Verifies whether the provided service control policy is applied across all accounts in an AWS organization. |
| AWS Untagged Resources | Finds all taggable AWS resources missing any of the user-provided tags with the option to update the tags. |
| AWS Unused ECS Clusters | Reports and remediates any ECS clusters that are not currently in use. |
| Azure AHUB Utilization with Manual Entry | Reports when AHUB usage in Azure falls outside or inside the number of licenses specified by the user. |
| Azure Disallowed Regions | Checks for instances that are in a disallowed region with the option to power off or delete them. |
| Azure Instances not running FlexNet Inventory Agent | Checks for instances that are not running the IT Asset Management Inventory Agent. |
| Azure Long Stopped Compute Instances | Checks for virtual machines that have been stopped for a long time with the option to terminate them after approval. |
| Azure Policy Audit | Checks for policies applied to Azure Subscriptions. |
| Azure Regulatory Compliance | Provides an overview for the various Regulatory Compliance controls and generates an email with the results. |
| Azure Subscription Access | Lists anyone who has been granted Owner or Contributor access to an Azure subscription. |
| Azure Tag Resources with Resource Group Name | Scans all resources in an Azure Subscription, raises an incident if any resources are not tagged with the name of their Resource Group, and remediates by tagging the resource. |
| Azure Untagged Resources | Finds all taggable Azure resources missing any of the user-provided tags with the option to update the tags. |
| Azure Untagged Virtual Machines | Checks for Azure virtual machines missing the user-specified tags. An incident is raised containing the untagged virtual machines, and the user has the option to power off, delete, or tag the virtual machines. This policy is specific to virtual machines (Microsoft.Compute/virtualMachines). The Azure Untagged Resources policy is recommended for finding untagged resources that are not virtual machines. |
| Billing Center Access Report | Generates an access report by Billing Center. |
| Flexera IAM Explicit User Roles | Identifies users in Flexera IAM that have explicit user roles assigned. |
| GitHub.com Available Seats Report | Gets the number of available seats for a licensed GitHub Org and creates an incident if they are out of the policy range. |
| GitHub.com Repositories without Admin Team | Gets the repositories under a GitHub.com Organization and creates incidents for any that do not have at least 1 Team assigned with the “admin” role. |
| GitHub.com Repository Branches without Protection | Gets the repositories and branches under a GitHub.com Organization and creates incidents for any that do not have protection enabled for their default branch. |
| GitHub.com Unpermitted Outside Collaborators | Gets all the Outside Collaborators (Users that have been granted access to a repository, but are not Members of the repository owner's Organization) under GitHub.com Organization(s) and creates an incident for each user that is not included in the specified username safelist. |
| GitHub.com Unpermitted Repository Names | Gets the names of all repositories under GitHub.com Organization(s) and creates incidents for any that do not match any of the safelisted regex strings. |
| GitHub.com Unpermitted Sized Repositories | Gets all repositories under GitHub.com Organization(s) and creates incidents for any that were created longer than a specified number of days ago, and are smaller than a specified size. |
| GitHub.com Unpermitted Top-Level Teams | Gets the top-level / parent Teams for a GitHub.com Org and creates an incident if any do not match the safelisted values. |
| Google Long-Stopped VM instances | Reports on any Google VM instances that have been stopped for a long time with the option to delete them. |
| Google Unlabeled Resources | Finds all Google Cloud resources (disks, images, instances, snapshots, buckets, VPN gateways) missing any of the user-provided labels with the option to update the resources with the missing labels. |
| ITAM Expiring Licenses | Looks up active IT Asset Management Licenses expiring within a defined time period and sends the result as an email. |
| ITAM Ignored Recent Inventory Dates | Looks for machines that are ignored but have been inventoried recently and sends the result as an email. |
| ITAM Missing Active Machines | Looks for machines that are active but haven't checked in and sends the result as an email. |
| ITAM Overused Licenses | Looks up software licenses and reports in an email any licenses that are overused. |
| ITAM VMs Missing Host ID | Looks for virtual machines that are active but are missing a Host ID. |