Cloud
Cybersecurity
Security
June 5, 2023 By Ashwini Padubidri Chandrase
Janet Van
Shawna Guilianelli
5 min read

Customers and users want the ability to schedule scans at the timing of their choice and receive alerts when issues arise, and we’re happy to make a few announcements in this area today:

  • Scan frequency: Until recently, the IBM Cloud® Security and Compliance Center would scan resources every 24 hours, by default, on all of the attachments in an account. With this release, users can continue to run daily scans—which is the recommended option—but they also have the option for more flexibility. Users can now choose to evaluate their resources weekly, monthly or just on-demand. Additionally, users can create an attachment without enabling a scan as they set up their account and then enable the scan to run at a later date.
  • Enhanced notifications: Previously, scan notifications were set at an account level. By default, users were notified if 15% or more of their controls failed in a single scan. While the threshold percentage was customizable, it didn’t always provide the granularity that users are looking for. Now, users will have the ability to set the threshold for each attachment. Additionally, users are able to pick up to 15 specific controls that they can be notified for if they fail. These capabilities are independent, which means that if the threshold percentage isn’t met, but a specified control fails, the user is still notified for the control. If the user is in the process of setting up the account, notifications can be disabled and then re-enabled when ready. This capability allows for users to have the more granular control that they are looking for in notifications.

How do I get started?

Before you get started, be sure that you have the proper permissions and prerequisites to create an attachment and view results in the Security and Compliance Center.

  • You must have the Editor platform role or higher to create an attachment. For more information, see Assigning access.
  • You must have an IBM Cloud Object Storage bucket in which to store your results. To connect your bucket, you must have a service-to-service policy in place that enables communication between the Security and Compliance Center and Cloud Object Storage. For more information, see Configuring storage.

Step 1: Set up an instance of Event Notifications

To receive notifications for the Security and Compliance Center, you must have configured the IBM Cloud Event Notifications service to send them. To get started, you can use the following steps:

  • In the console, click the Menu icon > Security and Compliance.
  • In the Security and Compliance Center navigation, click Settings.
  • In the Event Notifications section, click Connect.
  • In the side panel, review the source details for the connection. Optionally, provide a description.
  • Select the resource group and Event Notifications service instance that you want to connect.If an IAM authorization between the Security and Compliance Center and Event Notifications doesn’t exist in your account, a dialog is displayed. Follow the prompts to grant access between the services:
    • To grant access between the Security and Compliance Center and Event Notifications, click Authorize.
    • In the side panel, select Event Notifications as the target service.
    • From the list of instances, select the Event Notifications service instance that you want to authorize.
    • Select the Event Source Manager role.
    • Click Review.
    • Click Assign.
  • To confirm the connection, click Connect. A success message is displayed to indicate that the Security and Compliance Center is now connected to Event Notifications. If you need to disconnect from Event Notifications later, you can use the options menu > Disconnect to remove the Security and Compliance Center as a source service in the Event Notifications instance.

Step 2: Configuring a scan

When you set up a scan, you have two options: recurring and on-demand. On-demand scans are useful as you are working toward a specific compliance program and you are frequently making changes but recurring scans will help to continuously monitor for compliance.

To start scanning your resources in the Security and Compliance Center, you must create an attachment to target your resources. To create an attachment, you can use the service UI:

  • In the Security and Compliance Center navigation, click Profiles and select the profile that you want to evaluate. A profile details page opens.
  • On the Attachments tab, click Create:
  • Target your attachment by selecting a Scope and identifying any resources that you want to Exclude. Then, click Next.
  • Optional: Customize the underlying evaluations in your scan by editing the default parameters to match your specific use case.
  • Click Next.
    • Toggle scanning to enabled to start scanning.
  • Select the frequency at which you want to evaluate your attachment. Options include every day, every 7 days and every 30 days. If needed, you can pause scanning at a later date:
  • Optional: Configure notifications:
    • If you want to receive notifications, toggle Notify me to On.
    • By default, when notifications are enabled, you are alerted when 15% or more of your controls fail in a single scan. You can change this by adjusting the Threshold percentage. For example, if you have a profile with 100 controls and you want to be notified if 5 of them fail, you would select 5% as your threshold:
    • Select specific controls that you want to be notified about:
      • If there are high-priority controls that pertain specifically to your job role, you might want to be notified every time they fail. You can identify up to 15 controls per scan that you can receive individual notifications for. These notifications are sent regardless of whether the threshold identified in the previous step has been met.
      • Click Select control.
      • Select the controls that you want to be notified about by checking the box next to the control.
      • Click Ok:
  • Review your choices and click Create:

When you create your attachment, a scan is scheduled. When the scan completes, your results are available in the Security and Compliance Center dashboard. To initiate an on-demand scan, you can select Run scan on the overflow menu in the row of the profile that you want to evaluate.

Have feedback?

In order to ensure that we are helping you to deliver on your own mission, we’d like to hear from you with any feedback that you might have. To share your questions, comments, or concerns with us, use the Feedback button that can be found on any page of cloud.ibm.com.

Learn more about the IBM Cloud Security and Compliance Center
Was this article helpful?
YesNo

Tags

Ashwini Padubidri Chandrase
Cloud Security UI Development Lead
Janet Van
Product Manager, Cloud Security and Compliance
Shawna Guilianelli
Content Lead and Strategist

More from Cloud
April 26, 2024

Bigger isn’t always better: How hybrid AI pattern enables smaller language models

5 min read - As large language models (LLMs) have entered the common vernacular, people have discovered how to use apps that access them. Modern AI tools can generate, create, summarize, translate, classify and even converse. Tools in the generative AI domain allow us to generate responses to prompts after learning from existing artifacts. One area that has not seen much innovation is at the far edge and on constrained devices. We see some versions of AI apps running locally on mobile devices with…

April 8, 2024

IBM Tech Now: April 8, 2024

< 1 min read - ​Welcome IBM Tech Now, our video web series featuring the latest and greatest news and announcements in the world of technology. Make sure you subscribe to our YouTube channel to be notified every time a new IBM Tech Now video is published. IBM Tech Now: Episode 96 On this episode, we're covering the following topics: IBM Cloud Logs A collaboration with IBM watsonx.ai and Anaconda IBM offerings in the G2 Spring Reports Stay plugged in You can check out the…

April 4, 2024

The advantages and disadvantages of private cloud 

6 min read - The popularity of private cloud is growing, primarily driven by the need for greater data security. Across industries like education, retail and government, organizations are choosing private cloud settings to conduct business use cases involving workloads with sensitive information and to comply with data privacy and compliance needs. In a report from Technavio (link resides outside ibm.com), the private cloud services market size is estimated to grow at a CAGR of 26.71% between 2023 and 2028, and it is forecast to increase by…

IBM Newsletters

 Get our newsletters and topic updates that deliver the latest thought leadership and insights on emerging trends.
Subscribe now More newsletters