Cloud Posture
The cloud posture provides complete details of controls evaluations for your cloud resources. Let us vew the evaluations details.
Let us see what each number signifies
1 - Total number of controls that are evaluated.
2 - Total number of evaluations. A unique combination of resource and control is treated as one evaluation.
3 - Number of evaluations that Passed. The Pass count includes control evaluations that are passed as well as passed with exception.
4 - Number of evaluations that Failed
5 - Number of failed evaluations with high criticality
6 - Number of failed evaluations with medium criticality
7 - Number of failed evaluations with low criticality
8 - Number of failed evaluations for remediable controls
Note: When you change criticality of a control, the revised control criticality for existing evaluations is effective upon next connector run.
Each control is evaluated against the applicable resources which is represented by Total Resources. Number represented by green represents the number of pass resources that have the desired configuration as per the control. Number represented by red represents the number of failed resources.
Click any control to get details of all the resources evaluated against the control.
Search Policy Controls
Find all about your policies and control evaluations and get up to date information quickly using Qualys Advanced Search.
Go to Posture tab. You will notice a Search field above the controls list (you can also search on other tabs). This is where you'll enter your search query.
Start typing and we'll show you the properties you can search such as account ID, control criticality, control result, etc. Select the one you're interested in.
Now enter the value you want to match, and press Enter. You can also choose a date range. That's it! Your matches will appear in the list.
You'll notice a Search field and this is where you'll enter your search query. Start typing and we'll show you the properties you can search such as cid, control.name, and so on. Select the one you're interested in.
You could perform various actions on the controls such as re-evaluate the control, create exception for a failed resource, and so on. Select the control and click Actions or the quick actions menu. See Exceptions to know more about exception.
To know what led the control to pass or fail, click Evidence. The Evidence details will tell you the reason that led the control to pass or fail.
Known Issues
- When using the
tags.nameQQL token in the Posture tab, there is a delay in the response of the Policy Pivot filter. Upon clicking the Policy Pivot filter for the first time after applying the tag, the result set does not update as expected. The issue can be resolved by using brackets () in each QQL query. For example, use (tags.name:xyz) AND (policy.name:"AWS Best Practices Policy") instead of tags.name AND policy.name:"AWS Best Practices Policy". - When using the
tags.nameandisRemediabletokens with an AND operation in the Posture tab, theisRemediabletoken is ignored, and onlytags.nameresults are returned. The issue can be resolved by using brackets () in each QQL query. For example, use (tags.name) AND (isRemediable) instead of tags.name AND isRemediable. - When a connector tag is removed, the tag is cleared from active assets but remains on terminated assets since their discovery does not occur post-termination.
- When a connector or exception tag is applied on the Dashboard, the results are correctly displayed on the evaluation widgets. However, clicking on the widget to navigate to the respective tab (e.g., Posture) does not reflect the correct count or results. Additionally, if the same tag is applied both on the dashboard and within the widget settings, no results are displayed. Applying tags.name token individually to each widget and then navigating to respective tabs works as expected.