Sometimes, it’s necessary to exclude certain checks, rules, or resources during a cloud security scan for valid reasons. Below are some common scenarios and how to handle them using Saner CSPA:
Why Exclude a Rule or Check?
- Irrelevant Findings: A rule might flag an issue that is intentional for your environment.
Example: An S3 bucket is flagged as publicly accessible, but this is required because it hosts a public website. - Non-Applicability: Not all checks apply to every environment or project.
Example: A check enforcing multi-factor authentication (MFA) for all IAM users is irrelevant if your organization exclusively uses federated access. - Legacy Systems: Older architectures or legacy systems might not fully support certain security best practices immediately.
Example: A legacy application might still rely on outdated encryption protocols that cannot be updated without significant effort.
How to Exclude or Whitelist “Rules” in Saner CSPA?
Saner CSPA allows you to assess and exclude specific anomaly IDs from scans. Follow these steps to whitelist anomalies:
Step 1: Navigate to the CSPA dashboard
Step 2: Click the Whitelist link on the top-right of the page
Step 3: Select the anomaly IDs you wish to exclude by checking the corresponding checkboxes
Step 4: Click Save to confirm your changes
Result: The Whitelisted anomalies display in the Posture Anomaly Details block on the dashboard. Click the eye icon within the block to see the anomalies you just whitelisted.
How to Exclude or Whitelist “Resources” in Saner CSPA?
Step 1: From the Posture Anomaly Details block on the dashboard, click on the ID that you want to whitelist. The Details page for that ID opens.
Step 2: From the Anomaly Data block on the Details page, click the checkbox to select the relevant anomaly
Step 3: Select the checkbox corresponding to the ID
Step 4: Click the Whitelist menu icon, next to the search box within the Anomaly Data block. Hover over the icon to see the name.
The Confirmation message displays prompting you to confirm if you want to whitelist the selected resources.
Step 5: Click the Whitelist button to confirm your selection.
Step 6: To see the whitelisted ids, click the eye icon within the Anomaly Data block. Hover over the icon to see the name.
[OPTIONAL] To remove the whitelisted ids, just select the checkbox(es) and click the Remove button on the top-right next to the search box within the window.
View the Whitelisted IDs
To review the whitelisted IDs:
Step 1: Navigate to the Posture Anomaly Details section on the dashboard.
Step 2: Click the eye icon to view all the whitelisted IDs.
Alternatively, access the “All Anomalies” link on the top-right of the dashboard and search for the id you whitelisted. If the ID does not display on the page, understand that its whitelisted.
Observe the Reduction in Posture Distribution Total Count
On the Saner CSPA dashboard, take note of the current count that has reduced after excluding(whitelist) the rule/check from the cloud security scan.
See Also
