CSPM Controls (Preview)
With the CSPM Controls library, you can see the logic behind the compliance results by drilling into the control details:
- To ensure that this compliance product is fit for your organization’s needs
- To know precisely what has been or will be evaluated
- To review a specific control to see its logic and remediation
The features are under development.
This feature requires the Actionable Compliance component, also currently in preview state.
If necessary, review:
How Controls are Structured
Sysdig controls are built on the Open Policy Agent (OPA) engine, using OPA’s policy language, Rego. The CSPM Controls library exposes the code used to create the controls and the inputs they evaluate, providing full visibility into their logic. You can download the code as a JSON file.
Navigate CSPM Rules List
Policies > Actionable Compliance | CSPM Controls.
Select a specific control to open it in the right panel and work with it.
Filter the List
Use the unified filter bar on the left side to limit the control list by:
- Name: Use
Containsto enter free text on any word or part of a word in the name
- Severity: Choose the severity level(s) assigned to the control(s) from the drop-down list
- Type: Choose an infrastructure type from the drop-down list
Add multiple parameters to create more specific filter expressions.
Review Control Logic and Remediation
Select a specific control.
Review basic attributes. At the top of the right panel you can see:
Code: Use the provided code snippets.
At this time, the code provides visibility into the precise objects that are evaluated and how the evaluation rules are structured. The display includes Inputs (where applicable) and the evaluation code written in Rego.
- You can copy and/or download the input as a .json file and the
Remediation Playbook: Follow the recommended steps in the Remediation Playbook to resolve failing controls.
In some cases, you will need to provide the applicable input in the provided remediation code.
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.