Resolve Violations

To check and resolve Policy Violations, you will need to:

  1. Go to "Policy Violations."
  2. Assess Violations.
  3. Select a Violation Row Alert.
  4. Resolve a Violation.
  5. Share a Violation with Your Team (Optional).
  6. Track the Workflow State of a Violation.

Let's get started.

Step 1. Go to "Violations"

Select "Violations" from the navigation menu on the left side of the page.

Step 2. Assess Violations

The "Policy Violations" page displays a list of assets, prioritized by severity, that have violated previously configured policies.

Here, in a single glance, you can focus on specific accounts or regions affected and see for each violation the:

  • Severity (i.e., whether the violation is low, medium, or high risk).
  • Data Policy affected.
  • Rule(s) within the Data Policy broken.
  • Violation Details (i.e., data classes found, for example, Social Security Numbers or Facebook Access Tokens).
  • Scope (i.e., how many of the assets and files were affected by the misconfiguration).
  • Status (i.e., whether the violation is open or closed).

The above information helps you assess each violation quickly and efficiently.

You can also filter which violations you are shown here by using the "Filter By" feature or search for Rule Name manually in the search bar on the upper right side.

Step 3. Select a Violation Row Alert

Click on the violation row alert you want to investigate further.

Clicking on a violation row alert will open up a details panel with a list of assets and details that explain what needs attention.

To expand the details panel, click on the asset name affected (in this case, "an-open-bucket"). Doing so will show you the list of objects in violation of the Rule ("Affected Files").

The "Affected Files" list makes it easy to prioritize remediation depending on the data or misconfiguration findings.

Step 4. Resolve a Violation

Within Open Raven, there are several ways to remediate violations:

1. AWS Console
Clicking on a file name within the "Affected Files" list will bring you directly to the object overview pane on the AWS console, where you can take immediate action or perform further investigation.

Selecting the three dots menu and clicking on "Go to object in AWS" will do the same.

2. Slack or email alerts
Open Raven has several built-in integrations for popular services like Slack or email that can be configured to send policy violations automatically from Open Raven.

3. Custom or automated workflow
Webhook and AWS Eventbridge integrations are configurable within the Open Raven UI so that alerts can be sent wherever you need them most.

Step 5. Share a Violation with Your Team (Optional)

To share a violation with someone on your team, click on "Copy Link" under "Violation Actions" or "Violation Actions" and share the link with your colleagues.

Step 6. Track the Workflow State of Violation

Open Raven sets violations to “Open” by default and closes them automatically when the violations are resolved in a subsequent policy evaluation.

You can manually set a violation to “Closed” by clicking on the three dots menu in the "Policy Violations" page and selecting "Close."

Once you have done that, Open Raven will reevaluate the policy to confirm that the remediation took place and that the violation was indeed solved.

Closed violations will appear in the "Closed Policy Violations" section of "Policy Violations."

If you believe a violation was raised by mistake, you can mark it as “False Positive" by clicking on the three dots menu.

🚧

Any questions?

If you have any questions while resolving violations or need assistance, please contact the Open Raven support team via email at [email protected]


What’s Next