Enegma7345
Explorer

Issues With CSPM Not Finding Non-Compliance And Auto-Remediation Not Triggered

The concern is with regard to auto-remediation using Cloud Bots. If, for example, a user creates an unencrypted S3 bucket, then a Cloud Bot Auto-Remediation would not take effect until 30 min to an hour? That seems like a major security flaw if an unencrypted S3 bucket would be unencrypted for 30 min to an hour.

I deployed an S3 bucket that was non-compliant and waited for CSPM to search my environment, but my remediation was not working. This is my rule:

s3_enable_encryption kms arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

I looked at the CloudBots GitHub page and it looked correct. What can be done for CSPM to search the environment in smaller intervals? And what is incorrect in my remediation rule?
