Open Raven can visualize Assets that have been compromised.
Assets that have been compromised have a red violation icon.
To learn more about a compromised Asset, click on the red Violations icon.
This will bring up a properties tab for the Asset. You can then see if the Violation relates to the Asset's Configuration or the Data within it and how severe the Violation is.
In the below example, the Violation relates to the Asset's Configuration as it breaks the rule "AWS KMS is used for encryption at rest" and is of medium severity.
Click on the rule for more information. You will be brought to the "Policy Violations" section in Open Raven. Here, you can see the:
- Policy Violation ID
- Rule Name
- Status of the violation (Open/Closed/False Positive)
- Accounts affected
- Regions affected
- All Assets Violated.
If you click on an affected Asset's name, you will see the files violated and the reason for the Violation.
To remediate a violation, follow the guidance here.
Updated 2 months ago