Support for real-time compliance data is being added to the Compliance module in Stax. With real-time data on the Rules page, you will be able to see near real-time compliance status which reflects the constantly evolving state of an AWS environment.
For Stax tenancies with Real-Time Rule Alerts enabled, evaluation times for compliance alerts and information is decreased from over 8 hours to 15 minutes.
This functionality is available as a private preview. Customers enrolled in the preview program will receive first access to the new compliance functionality. See Join the preview to enrol.
What to expect
Changes in compliance findings and reporting
Once your tenancy has been enrolled in the preview program, you may initially notice changes in your compliance results. This is because the platform is now evaluating your AWS environment's compliance faster, which means changes in resources compliance will be displayed sooner. In addition, organizations in the preview program will experience improvements in how some rules are evaluated. See Rule Improvements below.
Changes to Views functionality
Filtering by a View segment on the Rules or Rule Details pages will no longer be available. A future release will include improved filtering and grouping functionality for rules and resources.
Limited access to Rule Details page functionality
Customers enrolled in the preview program will be the first to receive access to new Compliance module features, however for a short time, will not have access to some functionality:
- Resource Ignoring on the Rule Details page, including viewing ignored resources in the Ignored tab and ignoring resources from Rules resources. Any previously ignored resources will be included in your rule results
- Resource History tab on the Rule Details page, which provided a up to 30 days view of resources' compliance changes
- Resource details on the Rule Details page will be limited to the following data for all resources: Status, On this status since, ARN, and Region
Changes to compliance notifications configured with a Segment
While the preview program is in progress, compliance notifications will only be configurable to All Views as the View functionality is disabled. This means preview program users will not have the ability to configure a compliance notification based on a segment. In addition, any existing compliance notifications will be automatically converted to use All Views as the segment for applicable users. This change will not impact Cost and Budget notifications configured on a segment.
Evaluate configured notifications of the following types before enrolling in the preview program, as they will have their scope updated to All Views:
- Daily Compliance Report
- Monthly Compliance Report
- Real-Time Rule Alerts
- Rule-level Noncompliance Alerts
- Resource-level Noncompliance Alerts
- New Rule Releases
If you do not wish for your notifications to be automatically converted to use All Views, you can disable the notification by updating your personal or organization Subscription Preferences. You can edit or delete existing notifications by following the guidance in Manage Notifications.
Compliance Notifications
Compliance notifications, Summary Report, Ignored Report, Export Failing Items, and other downloads in the Compliance module will continue to work. Data for this functionality will be provided by the previous Compliance systems at this time. This may mean data in notifications and exports may be delayed as the previous Compliance systems did not collect and process data at the rate of the new system.
Rule improvements
CloudTrail trails should be actively delivering events
For multi-region CloudTrail trails, the Compliance module previously reported a separate resource per Trail, per active AWS Region. This meant you could see many records for a single multi-region CloudTrail trail. As part of the preview, you will see multi-region CloudTrail instances reported as a single resource.
Compliance UI design
Customers enrolled in the preview program will be the first to experience the redesign Compliance interface aimed at providing enhanced feature usage and visibility.
Join the preview
To enrol in the Real-time data on the Rules page preview program, contact your Customer Success Manager or raise a support case.