Posture Controls

Overview

With the Posture Controls library, you can see the logic behind the compliance results by drilling into the control details:

  • To ensure that this compliance product is fit for your organization’s needs
  • To know precisely what has been or will be evaluated
  • To review a specific control to see its logic and remediation

These features are under development.

Prerequisites

This feature requires the new Compliance component.

If necessary, review:

How Controls are Structured

Sysdig controls are built on the Open Policy Agent (OPA) engine, using OPA’s policy language, Rego. The Posture Controls library exposes the code used to create the controls and the inputs they evaluate, providing full visibility into their logic. You can download the code as a JSON file.

  1. Select Policies > Posture|Controls.

  2. Select a specific control to open it in the right panel and work with it.

Filter the List

Use the filters on the left side to limit the control list by:

  • Free text search: Enter any word or part of a word that appears in the control name
  • Severity: Choose the severity level(s) assigned to the control(s) - H, M, L
  • Type: Choose an infrastructure type from the drop-down list (Cluster, Host, Identity, Resource)
  • Target: The specific platforms, distributions, and supported version(s) (if relevant) that a control will evaluate resources against. Online cloud platforms such as AKS/AWS/GCP/Azure do not have versioning but always relate to the latest version.

Add multiple parameters to create more specific filter expressions.

Review Control Logic and Remediation

  1. Select a specific control.

  2. Review basic attributes. At the top of the right panel you can see:

    • Control title

    • Severity

    • Type (e.g. Host)

    • Author (e.g. Sysdig for out-of-the-box controls)

    • Description

    • Policies to which the control is linked.

      Hover over the policy names to get full details, such as the exact requirement number for the particular compliance standard.

  3. Code: Use the provided code snippets.

    At this time, the code provides visibility into the precise objects that are evaluated and how the evaluation rules are structured. The display includes Inputs (where applicable) and the evaluation code written in Rego.

    You can copy and/or download the input as a .json file.

  4. Remediation Playbook: Follow the recommended steps in the Remediation Playbook to resolve failing controls.

    In some cases, you will need to provide the applicable input in the provided remediation code.