Netskope Help

View Security Posture Compliance

Netskope SaaS Security Posture Management (SSPM) continuously audits all the SaaS resources to identify compliance rule violations. The Security Posture page provides the status of the checks on all the compliance rules and SaaS resources. To view the Security Posture page, go to API Data Protection > Compliance > Security Posture in the Netskope UI.


The page provides the last updated date and time in UTC.

You can toggle between Raw Findings, Rules, and Resources to view the audit results.

To export the table as a CSV file, click Export. You can choose which columns are shown by clicking the gear icon and enabling specific columns.

Click the Raw Findings tab to view the compliance findings of your rules and resources. This page provides an aggregated list of all the rules and resources that have failed, passed, been remediated, or been muted. You can select the check box beside one or more rules and then mute or unmute them. The Raw Findings tab displays the following information:

  • Has Error: Rules that have errors.

  • Status: Status of the rule when checked against the resource. If the resource contains rule violations, the rule status shows Failed.

  • Profile: The name of the profile against which the rule is checked.

  • Policy: Name of the security posture policy.

  • Severity: The level of severity of the violation. There are four levels: Critical, High, Medium, and Low.

  • Cloud Provider: The cloud service provider. Netskope provides security for Amazon Web Services, Microsoft Azure, Google Cloud Platform, Microsoft 365, GitHub, Salesforce, ServiceNow, and Zoom.

  • Instance Name & ID: Name of the SaaS account instance and ID.

  • Region Name: The location of the account.

  • Resource Category: The SaaS resources category.

  • Resource Type: The SaaS resource type.

  • Failing Since: The date since which the rule has been failing.

  • Muted: Whether the rule is muted.

  • Compliance Standard: Gives a brief description of the rule.

Click the Rules tab to view information on rules compliance. The Rules tab displays the following information:

  • With Errors: The total number of rules with errors.

  • Rules Failed: The total number of compliance rules that failed against a resource. 

  • Rules Passed: The total number of compliance rules that passed against a resource.

  • Total Rules: The total number of compliance rules checked against a resource.

  • Status: Status of the rule when checked against the resource. If the resource contains rule violations, the rule status shows Failed.

  • Name: The compliance rule name.

  • Severity: The level of severity of the violation. There are four levels: Critical, High, Medium, and Low.

  • Resource Category: The SaaS resources category.

  • Resource Type: The SaaS resource type.

  • Cloud Provider: The cloud service provider. Netskope provides security for Amazon Web Services, Microsoft Azure, Google Cloud Platform, Microsoft 365, GitHub, Salesforce, ServiceNow, and Zoom.

  • # Failed Resources: The total number of resources that failed the compliance rule.  

  • # Unknown Resources: The total number of unknown resources.

  • # Passed Resources: The total number of resources that passed the compliance rule.

  • # Total Resources: The total number of resources checked against a compliance rule.

Click the Resources tab to view information on the SaaS resources. The Resources tab displays the following information:

  • With Errors: The total number of resources with errors.

  • Status: Status of the resource when checked for compliance. If the resource contains rule violations, the resource status shows Failed.

  • Name: The resource name.

  • Region: The location of the account.

  • Resource Category: The SaaS resources category.

  • Resource Type: The SaaS resource type.

  • Cloud Provider: The cloud service provider. Netskope provides security for Amazon Web Services, Microsoft Azure, Google Cloud Platform, Microsoft 365, GitHub, Salesforce, ServiceNow, and Zoom.

  • Account: The account name of the SaaS service. 

  • # Failed Rules: The total number of compliance rules that failed against a resource.

  • # Unknown Rules: The total number of unknown rules.

  • # Passed Rules: The total number of compliance rules that passed against a resource.

  • # Total Rules: The total number of compliance rules checked against a resource.

Using Filters

By default, the Raw Findings, Rules, and Resources pages display the latest audit results. You can choose to view the results for a specific date.

To filter your view by a specific date:

  1. Click the Time drop-down and select Latest Result, or select As of Date to choose a specific date.

  2. Specify the date and time in the date picker. Click Apply.

You can filter the results displayed on the page by selecting Resource Category, Tags, and Cloud Provider. To further narrow the results on the page, click Add Filter and select an option from the list. 

You can choose to filter based on the following options.

  • Status: Select Failed or Passed.

  • With Error: Select Yes or No.

  • Muted: Select Yes or No.

  • Last Remediation Status: Select None, Started, Completed, or Error.

  • Remediated By: Select Auto-remediation or On-demand remediation.

  • Rule name: Select Rule Name and enter a rule name in the search field.

  • Profile: Select a security assessment profile from the list.

  • Policy: Select a security assessment policy from the list.

  • Severity: Select a severity level. There are four levels: Critical, High, Medium, and Low.

  • Compliance Standard: Select or search for a compliance standard. For example, NIST-CSF-1.1.

  • Resource Name: Select Resource Name and enter a resource name in the search field. 

  • Netskope Resource ID: Select Netskope Resource ID and enter a resource ID in the search field. 

  • Account: Select Account Name and enter an account name in the search field. 

  • Region: Select Region and select a region from the list or enter the region in the search field.

Rule Detail

You can click a rule in the rules table on the Rules or Raw Findings pages to view detailed information about the rule. The Rule Detail window provides a description of the rule.

The window contains the following three tabs:

  • Definition: The rule syntax defining the predefined or custom rule. Custom rules can be defined using Domain Specific Language.

  • Remediation: The remediation action to be performed to remediate the violation. Some rules also provide manual steps to remediate the violation.

  • Compliance: The various compliance standards that the rule satisfies. This tab provides the compliance standard, section, control, and description of the rule defined in the compliance standard's documentation.

  • Other: Displays the rule description, the service the resource uses, and the rule type (custom or predefined).

Reporting

Use the Reports option to create a compliance report or to view existing reports.

  1. Under Reports, select Create Compliance Report to build a custom template for your compliance reports and create a schedule to generate the reports. The Cloud Infrastructure Compliance Report page is displayed.

  2. Under Build Template, provide a report name and description.

  3. Click on the default Security Assessment widget. You can edit the name of the widget.

  4. Under Query, select a cloud provider and add filters to query the compliance findings. When finished, click Save to save the query to the widget.

  5. Click Next to create a reporting schedule.

  6. Select the frequency and time at which the reports are to be generated.

  7. Specify the users to be notified and select the output format as PDF, CSV, or both. Click Create and then click Done.

The compliance report template is displayed on the Reports page. You can also view the Reports page from API Data Protection > Compliance > Security Posture, then click Reports > Go To Reports Page.

Handling Compliance Findings

You can mute failed assessments to indicate false positives or to allow the DevOps team some time to remediate. The mute feature does the following:

  • Automatically acknowledges any alerts generated from an assessment. The alerts are muted indefinitely, until you unmute. This allows you to grant a DevOps team a window of time to remediate the service configurations and become compliant.

  • Excludes the failed resources (when muted) in computing the compliance score for a profile.

You can access the mute and unmute capability under API Data Protection > Compliance > Security Posture.

To mute a rule-resource pair:

  1. Click the Raw Findings tab.

  2. Click the More Options icon (...) to the right of the rule name and click Mute.

  3. In the Mute window, select how long you want to mute this finding. You can add a short label under Justification Label to justify why you're muting this finding.

  4. Click Mute.

Since every finding has a corresponding SkopeIT alert, muting a finding automatically acknowledges the corresponding alert. You will stop receiving alerts related to the failed rule-resource pair until you click Unmute.
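
Because muting acknowledges alerts and removes the failed resource from the compliance score, it is worth reviewing what stays muted. The following is an added example, not Netskope code: it reads an exported Raw Findings CSV and lists findings that are still Failed and Muted beyond an age threshold. Header names follow the columns described on this page; the export layout, the Yes/No values, the ISO 8601 timestamps, and the `stale_muted_findings` helper are assumptions.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of an exported Raw Findings CSV. Header names follow the
# column names listed on this page; the exact export layout, the Yes/No values
# and the ISO 8601 timestamps are assumptions. All row values are made up.
SAMPLE_CSV = """Status,Severity,Policy,Instance Name & ID,Resource Type,Failing Since,Muted
Failed,Critical,m365-baseline,example-tenant (example-1),User,2024-01-10T00:00:00Z,Yes
Failed,Low,m365-baseline,example-tenant (example-1),Group,2024-03-01T00:00:00Z,Yes
Failed,High,github-baseline,example-org (example-2),Repository,2024-02-20T00:00:00Z,No
Passed,Medium,github-baseline,example-org (example-2),Repository,,No
Failed,High,sfdc-baseline,example-sfdc (example-3),Profile,2023-11-05T00:00:00Z,Yes
"""

SEVERITY_ORDER = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}


def stale_muted_findings(csv_text, as_of, max_age_days=30):
    """Return muted, still-failing findings older than max_age_days.

    Results are sorted by severity (Critical first), then by age (oldest first).
    """
    stale = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Status"].strip() != "Failed" or row["Muted"].strip() != "Yes":
            continue
        raw = row["Failing Since"].strip()
        if not raw:
            continue  # no start date exported; an age cannot be computed
        since = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        age_days = (as_of - since).days
        if age_days > max_age_days:
            stale.append({**row, "Age Days": age_days})
    stale.sort(key=lambda r: (SEVERITY_ORDER.get(r["Severity"], 99), -r["Age Days"]))
    return stale


if __name__ == "__main__":
    now = datetime(2024, 3, 15, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for f in stale_muted_findings(SAMPLE_CSV, now):
        print(f'{f["Severity"]:<8} {f["Age Days"]:>4}d  {f["Policy"]}  {f["Instance Name & ID"]}')
```
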