Follow

Completing Remediation Actions in Cloud Insight | Best Practices

Description

The Remediations page in the Alert Logic® Cloud Insight console houses all the suggested remediations found within your environment. They are sorted by rank to show which remediation will have the most positive impact on your environment's security posture if completed. The My Plan page in the Cloud Insight console allows you to take responsibility for remediations found in the Remediations page by assigning them to your plan.

The following article describes an Alert Logic best practice process for completing the suggested remediation actions for your environments that utilize Cloud Insight. You will learn how to view your remediation details, assign a remediation to your remediation plan, and move the remediation out of your plan and into its final state.

View Remediations

Remediations are found on the Remediations page of the Cloud Insight console. Each remediation can be viewed in more detail by clicking the Details button to the right of the remediation.

rem1.png

Once you open a remediation, you can click on the individual exposures or CVEs shown in the left column. This gives you a brief description of the issue or exposure, environmental impact, and Alert Logic's recommended resolution steps.

rm2.png

The middle column shows all the assets affected by the exposure. You can click on any asset to show the relevant metadata.

The right column shows the evidence from your Amazon Web Services environment for each remediation and relevant asset.

You can add a remediation directly from the Remediations page listing by clicking the check box to the right of one or more remediations as show in the following image. Once you have chosen the desired remediation(s), click Add to My Plan and your selections will be added to your personalized plan. You can also add a remediation to your remediation plan while in the detailed remediation view by utilizing the same Add to My Plan button.

rem3.png

Move a Remediation Out of My Plan

Once a remediation is in your plan, you will be able to execute the steps to correct the issue within your environment. When you finish your remediation efforts, you can either:

  1. Allow Cloud Insight to auto close the issue during the next scan.

  2. Mark the issue as Complete for validation by Cloud Insight. Issues marked complete that require further action will be re-opened.

The Dispose button allows you to remove the remediation as an acceptable risk, false positive, or compensating control. You are also able to specify how long you want the remediation removed from the Remediations page. Select the appropriate option from the as and until drop-down lists, include any necessary notes, and then click Dispose.

The Remove From My Plan button removes the remediation from your personalized plan and places it back into the Remediations page for another user to take ownership of.

NOTE: Remediation disposals only apply to the affected assets. Any new assets that are affected by that same issue will automatically be presented to you for individual evaluation.

ci10.png

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.