The recommendations dashboard offers insights into the violations and findings displayed in the Compliance dashboard and provides options for resolution.
While the security findings mentioned in the Compliance Dashboard have individual recommendation view buttons, the Recommendation dashboard provides the consolidated list of all such violations and the recommended actions. The violations for each unique policy are displayed and can be grouped based on a cloud account or category.
Like in other dashboards, the first thing you can view is the Tenant wise summary of no. of recommendations. You can click on a specific Tenant to view the details and take actions.
Once a Tenant is selected, you can see the summary info for that Tenant which provides the below data:
- Total Recommendations – This shows the total number of recommendations for that Tenant.
- Open Recommendations – This shows the number of unresolved and open recommendations.
- Skipped Recommendations – These are the recommendations that have been acknowledged but will not be resolved. The user wants the status quo maintained.
- Cost Savings Recommended – Shows the dollar value that has been / can be saved by following the recommendations.
- Cost Savings Till Date – The dollar value saved by following recommendations till date is listed here.
You can toggle the view to list the recommendations as per Category or by Cloud Account. If you click category, you can view the recommendations grouped by Security, Cost Optimization and Standards categories. Alternatively, you can view the recommendations grouped by each Cloud Account.
In the left panel, the violated policy along with its severity indicator (Red / Amber / Green), Policy Name, Cloud Account and the count of impacted resources are displayed.
Once you select this violation, you would see the actual list of resources on the right side. The drop-down above the list of resources will have the list of available remedial actions for this violation. You can also “Skip” certain violations if you prefer not to take any of the actions.
The actions listed in the dropdown are based on the Remediation Actions configured for that policy in the Policy Module. These are essentially Templates from the Template Module. On selecting a specific action to be executed, and once you click “Apply” – you will see a pop-up which requests the necessary input values to execute the Template.
Once the action is initiated, you can view the status of the action by checking the Template Job History.
The Remediation Action varies from policy to policy. For example, for a storage policy, it can be “Delete Storage” and for a security group policy it can be “Revoke Rule”, etc.
Skip – This action will acknowledge the issue but will not have any impact on the finding. CoreStack’s machine learning capabilities will learn to not mark it as a security finding in the future.