Investigate VMware Tanzu Guardrails findings

As an administrator, you must maintain the security and performance of your accounts and resources in Tanzu Hub.

Tanzu Guardrails reports findings of various types. You must review the findings and decide how to remediate them.

The overview dashboard displays a summary of the findings, severity, drifts, threats, violations, and accounts, and provides the option to customize the dashboard.

The findings get reported in real time if event monitoring was activated during account setup, and twice a day if no event monitoring is in place. You investigate the open findings by priority according to the highest attention score, and follow the workflow through the user interface to remediate those findings.

On the dashboard, you can manage the settings, add or remove widgets, and change the title.

  • To add a widget, click the Edit icon to open the widget list, and drag widgets to the dashboard.
  • Configure the widget and change the grid and actions.
  • Create, duplicate, and delete dashboards.

Where to begin

Verify user roles and permissions:

  • Required for monitoring findings.
  • Required for remediating findings and enforcing governance with elevated permissions.

For details, go to: Setting up users and projects for VMware Tanzu Hub.

Review the types of findings

Tanzu Guardrails reports multiple types of findings.

  • Anomaly
  • Cost Recommendation
  • Drift
  • Error
  • Threat
  • Violation
  • Vulnerability

To view the findings and filter them:

  1. Click Guardrails > Findings.
  2. Expand the Type category.
  3. Click one or more types of findings and click Apply.

The finding details vary depending on the type you select. For example:

  • Drift findings indicate deviations from the desired state of your cloud account. All the details about the drift findings appear, including the difference between the desired state and the discovered state, and more.
  • Violation findings indicate a violation of a posture policy. When Violation findings get reported, all the details about the violation findings appear, including a suggested action, the policy, and more.
  • You can choose to remediate each finding or suppress it.

To export the findings in the list to a CSV file, click the Export button.

If you’ve set up projects in VMware Tanzu Hub, you can view findings for a specific project by selecting it from the context switcher in the top menu for VMware Tanzu Hub.

Remediate the most impactful findings

The attention score of each finding is the place to start when you prioritize which findings to address first.

You might need to remediate:

  • A violation of a posture policy, or an anomaly or threat.
  • A drift from a desired state template.

Focus on violations first. If a violation occurs, it could indicate a security issue in your cloud resources.

You can reduce the number of overall findings on the page by selecting the filters. You can also suppress individual findings or suppress an applied posture policy.

To remediate security drift, you must have elevated access permissions. To set up elevated access permissions, go to the topic for your provider in: Setting up data connections in VMware Tanzu Hub.

To begin investigating the findings for your cloud accounts, subscriptions, and resources:

  1. Review the findings and attention scores.
  2. Expand the filters.
  3. Select the filters for the findings you want to investigate. For example, select the security category, and the violation type.

The findings display the finding name of each security violation, the attention score, the type of resource, the account ID, and a link that displays the cloud tags applied to the resource.

When you begin to investigate the findings, and remediate them, be aware that:

  • For a violation or threat from a posture policy, you click the link from the finding to the associated remediation article and follow the steps in it. Alternatively, you can configure a remediation worker group to automatically resolve supported findings.
  • For a drift from a desired state template, you can manually remediate it. Or, with elevated access permissions, you can click the Remediate Desired State Findings button.
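
The ordering described above (violations first, then highest attention score) can also be applied offline to an exported findings CSV. The following is an added example, not code from VMware Tanzu Guardrails; the column headers in COLS and the sample rows are assumptions constructed for illustration, so rename them to match the header row of your export.

```python
import csv
import io

# Assumed column headers; rename to match the header row of your export.
COLS = {"name": "Finding Name", "type": "Type", "score": "Attention Score",
        "status": "Status", "account": "Account ID"}

# Constructed sample standing in for an exported findings CSV.
SAMPLE_CSV = """Finding Name,Type,Attention Score,Status,Account ID
Launch configuration assigns public IP,Drift,82,Open,111111111111
Storage bucket allows public read,Violation,74,Open,111111111111
Unusual API call volume,Anomaly,91,Open,222222222222
Security group allows 0.0.0.0/0 on port 22,Violation,95,Open,222222222222
Idle load balancer,Cost Recommendation,40,Open,111111111111
Root account used without MFA,Violation,88,Suppressed,222222222222
Unencrypted volume,Violation,n/a,Open,111111111111
"""


def triage(csv_text, cols=COLS):
    """Return (queue, skipped): open findings in review order, plus rows with no usable score."""
    queue, skipped = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row[cols["status"]].strip().lower() != "open":
            continue  # suppressed or resolved findings are not part of the review queue
        try:
            score = float(row[cols["score"]])
        except ValueError:
            skipped.append(row[cols["name"]])  # surface the row instead of silently dropping it
            continue
        queue.append((row[cols["type"]].strip(), score,
                      row[cols["name"]], row[cols["account"]]))
    # Violations first, then every other type; highest attention score first in each group.
    queue.sort(key=lambda f: (f[0] != "Violation", -f[1]))
    return queue, skipped


if __name__ == "__main__":
    ordered, unscored = triage(SAMPLE_CSV)
    for ftype, score, name, account in ordered:
        print(f"{score:5.0f}  {ftype:<20} {account}  {name}")
    print("No usable score, check manually:", unscored)
```

Rows whose score cannot be parsed are returned separately so that a malformed export does not hide an open violation.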

Investigate critical threats and violations to your posture

The posture policies enforce the security compliance requirements on your cloud resources by applying rules to those resources.

To monitor your cloud resources for critical security issues, investigate the findings for threats and violations.

  1. Filter the findings.

    The filters let you narrow your search by selecting the categories and types of filters you need to investigate.

  2. Expand a threat or violation finding that has a high attention score.

    The finding details describe the finding and the action to take, with a link to the remediation article that describes the steps to follow to resolve the finding.

  3. To understand the violation, review the description of the finding.

  4. Check the frameworks to determine if the finding is associated with a compliance standard you want to enforce on your accounts.

    When you click the link to the frameworks, the applied frameworks appear in a list.

  5. Review the suggested action for a high-level summary of the resolution, then click the View more link to see the remediation article.

  6. Follow the remediation steps in the article to resolve the issue that generated the finding.
  7. To confirm that the open security violation is resolved, click the Resolved button.

Investigate drifts from compliance requirements

The desired state templates define the desired states for your cloud accounts and subscriptions, and enforce the drifts from those desired states.

To ensure that your cloud accounts and subscriptions adhere to compliance requirements and standard best practices, you investigate an open finding that is marked as Drift and has a high attention score.

For example, you might investigate a high severity finding that detects whether public IP addresses for Amazon EC2 autoscaling are enabled through launch configurations.

  1. Locate the open finding and expand the details.

    The drift finding displays the details about the drift and a button that displays the difference between the discovered state and the desired state.

  2. Review the details.

  3. View the drift that occurred from the desired state.

    The code change displays the difference between the discovered state and the desired state.

  4. With elevated access permissions, you can manually remediate the drift finding or choose to suppress it.

  5. To remediate the security drift, click the Remediate Desired State Findings button.
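
To make the desired-state versus discovered-state comparison concrete, here is an added example (not code from VMware Tanzu Guardrails, and not its template format) that reports every attribute where a discovered launch configuration deviates from a desired state. The nested dictionaries are constructed for illustration; the attribute names follow the Amazon EC2 Auto Scaling launch configuration API.

```python
MISSING = "<missing>"  # marker for an attribute the discovered state does not have

# Constructed desired state: no public IP, and a required metadata option.
DESIRED = {
    "LaunchConfiguration": {
        "AssociatePublicIpAddress": False,
        "MetadataOptions": {"HttpTokens": "required"},
    }
}

# Constructed discovered state, as it might be read back from the cloud account.
DISCOVERED = {
    "LaunchConfiguration": {
        "LaunchConfigurationName": "web-lc-constructed",
        "InstanceType": "t3.micro",
        "AssociatePublicIpAddress": True,
    }
}


def find_drift(desired, discovered, path=""):
    """Return (path, desired_value, discovered_value) for every deviation.

    Only keys named in the desired state are checked, so attributes the
    desired state does not govern (name, instance type) are ignored.
    """
    drifts = []
    for key, want in desired.items():
        here = f"{path}.{key}" if path else key
        if not isinstance(discovered, dict) or key not in discovered:
            drifts.append((here, want, MISSING))
        elif isinstance(want, dict):
            drifts.extend(find_drift(want, discovered[key], here))
        elif discovered[key] != want:
            drifts.append((here, want, discovered[key]))
    return drifts


if __name__ == "__main__":
    for where, want, got in find_drift(DESIRED, DISCOVERED):
        print(f"DRIFT {where}: desired={want!r} discovered={got!r}")
```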

Suppress findings that are low priority or have blocked resolution

You might discover that you are not able to resolve a finding after you investigate it. In that case, you can suppress the finding until it can be resolved.

A suppressed finding stops appearing for a length of time selected by the person who submitted the suppression request. Some common scenarios for suppressing a finding include:

  • The finding cannot currently be resolved due to engineering or other blocking issues.
  • The resource configuration that generated the finding is part of the business requirements. If that is true for your entire organization, consider deactivating the policy instead.
  • The finding is a false positive and you verified that no drift or violation occurred.

To suppress a finding, expand or select it from the main list.

  1. Click the Suppress button.
  2. For Duration, set the length of time for suppressing the finding.
  3. For Reason, provide a business justification for your request.
  4. Click Submit.

If you don’t have elevated permissions in Tanzu Hub, your suppression request must be reviewed and approved by an administrator before it goes into effect. You can check the status of a suppressed finding in Governance > Suppressions.

Create a report of the findings

You can create a detailed report of the findings in VMware Tanzu Guardrails, and share it with stakeholders.

To create a report of the findings:

  1. Click Guardrails > Reports.
  2. Click Add Report.
    1. Provide a name, select the type of report, and select the report output format.
    2. Select the context for the report generation at either the organization or project level. Then, click Next.
  3. Add criteria for the report.
    1. Select one or more cloud accounts, then click Add Criteria.
    2. Select the criteria to add, and provide the information for each type of criteria. Then, click Next.
  4. Choose when the report gets generated.
    1. You can generate the report manually or on a schedule.
    2. When you choose to manually create the report, you can have VMware Tanzu Guardrails create it when you save it. Then, click Next.
  5. Determine who receives the report by providing one or more email addresses. Then, click Save.

View overall trends in findings

You can view the trends dashboard from the Tanzu Hub Home tab to see how findings on your accounts have progressed over days, weeks, or months.

  1. In Tanzu Hub, click Guardrails > Overview.

  2. Click the drop-down icon next to the “Guardrails Overview” text and select Trends.

What to do next

Discover other ways to improve the display of the findings. Go to Create suppression policies for VMware Tanzu Guardrails findings in VMware Tanzu Hub.

What to read next

Create suppression policies for VMware Tanzu Guardrails findings in VMware Tanzu Hub

As an administrator or application owner, you must ensure the most critical findings are resolved quickly while managing signal noise from findings that are high in volume and have a low priority or blocked resolution. You can use suppression policies to hide findings across multiple accounts in a single action, or to stop tracking findings completely for policies that don’t fit your organization.
