View and Download Misconfigurations

Tenable Cloud Security shows misconfigurations when resources fail to comply with the configured policies. You can view and download a CSV report of misconfigurations from the Misconfigurations page. You can also view the resources impacted by these misconfigurations and remediate the impacted resources. You can perform the following tasks from the Misconfigurations page:

To view misconfigurations and download the Misconfigurations report:

You can do the following to configure your export:

  • Select up to five misconfigurations, or all misconfigurations, to include in the exported report.

  • Select the fields you want to include in the report.

  • Schedule the time and frequency for generating the report.

  • Schedule and send emails with a link to download the report to a list of recipients.

  1. In the left navigation bar, click Findings.

    The Misconfigurations page appears.

  2. On the Misconfigurations page, do one of the following:

    • Use the Search box to search for specific failing policies.

    • Use the following filters:

      1. Click the Filters icon to open the Filter Misconfigurations box.

      2. Select the following filters as needed.

        Filter         Description
        Projects       Filters the failing policies by projects.
        Cloud account  Filters the failing policies by cloud accounts.
        Repository     Filters the failing policies by repositories.
        Category       Filters by resource category.
        Severity       Filters by the severity of the failing policy: High, Medium, Low, Info.
        Source         Filters by the source for the policy violation: Cloud or IaC.
        K8s cluster    Filters by Kubernetes clusters.
        Policy group   Filters by policy groups. Applicable only for custom policies.
        Benchmarks     Filters by policy benchmarks.
        Last Seen      Filters by age of the misconfigurations. Values can be Within 1 day, Within 7 days, Within 14 days, Within 30 days, or Within 90 days.

  3. Select one or more misconfigurations you want to export.

    Tenable Cloud Security enables the Export button.

    Note: You can either select up to five misconfigurations or select all misconfigurations in a report.
  4. Click Export.

    The Export panel appears on the right.

  5. Configure the export report:

    1. Name — Edit the default name of the CSV report, if required.

    2. File Format — By default, CSV is selected and is the only supported format.

    3. Select Fields to Export — Click to view the list of fields in the report. Select the fields that you want in the report.

      These fields are associated with the resources that have misconfigurations.

    4. In the Expiration drop-down, select the number of days for which the report is available for download.

    5. Enable the Schedule toggle to set a schedule for the export with the following fields:

      • Start Date and Time

      • Time Zone

      • Repeat

      • Repeat Ends

    6. Enable the Email Notification toggle to send emails to recipients. Provide the following details.

      1. Add Recipients — Enter the email addresses of recipients. Press Enter after each email address.

      2. Password for download link — Provide a password for downloading the report.

        Share this password with the recipients to download the exported file.

  6. Click Export or Schedule Export depending on whether you have set a schedule.

    The report provides a project-wise listing of all misconfigurations.

To view impacted resources:

  1. On the Misconfigurations page, click the policy that you want to view.
    The policy pane with the list of impacted resources appears.

  2. In the Impacted Resources section, do one of the following:

    • Select the impacted resource that you want to remediate and click the impacted resource name.
    • Use the following filters to filter and select a specific impacted resource:

      Filter          Description
      Projects        Filters the impacted resources by project.
      Resource Types  Filters the impacted resources by resource types.
      Source Types    Filters the impacted resources by source — IaC or Cloud.
      Cloud Accounts  Filters the impacted resources by cloud account name.

  3. Click an impacted resource to view the resource details.

    The following details are displayed:

    • Resource details

      Filter            Description
      Violation Source  Source of the policy violation — IaC or Cloud.
      Cloud ID          ID of the cloud resource.
      IAC ID            ID of the IaC resource.
      Resource Type     The resource type to which the resource belongs.
      Cloud Provider    The cloud provider — AWS, Azure, or GCP.
      Cloud Account     The cloud account name.
      Repository        Link to the repository of the IaC resource.
      Cloud Tags        The label associated with the cloud resource by the cloud provider.
      IaC Tags          The label associated with the IaC resource.

    • Resource Configuration JSON: Shows the IaC or cloud resource configuration and the remediation resource configuration.
    • Remediation: Provides the remediation steps for the policy violation.

To remediate an impacted resource:

  1. Click the check box next to an impacted resource.
    Tenable Cloud Security enables Create a ticket, Create a PR, and Exclude Policy.
  2. Click one of the following remediation options:

    • Create a ticket — Creates a Jira ticket for the selected issue. For more information, see Create a Ticket for an Issue.

    • Create a PR — Creates a pull request. This option is enabled only for IaC resources. For more information, see Create a Pull Request for an Issue.

    • Exclude a Policy — Ignores the violation. For more information, see Ignore Misconfigurations.

      Note: Tenable Cloud Security shows the remediation steps to fix a failing policy on the policy pane.