It is now possible to exclude findings that are generated by the Dome9 Compliance Engine!
You can now exclude specific findings from appearing in the results of assessments. There are several motivations for creating exclusions:
1. Avoid generation of findings from irrelevant rules, for a specific cloud account or for all cloud accounts.
2. Replace a rule that requires customization.
3. Stop generating findings for a specific entity, if a rule is irrelevant for the entity.
The exclusions mechanism allows you to customize the Dome9 canned bundles: any rule that needs to be ignored or customized can now be excluded and replaced with your new logic in a custom bundle. This practice allows you to continue using the Dome9 bundles and keep receiving updates.
The alerts now include an “Exclude” button.
When you review an alert and decide that it should be excluded, you can click the “Exclude” button and create a new exclusion:
1. Select the rules bundle.
2. Select the rule from the selected bundle. To exclude all findings from the bundle on a specific entity (or entities), you can uncheck the rule.
3. Select the cloud account. To exclude findings from all the cloud accounts (i.e. the rule is irrelevant), you can uncheck the cloud account.
4. Enter the entity name or ID to exclude. To exclude findings from all the entities, you can uncheck the entity exclusion. Note that entity name exclusions support patterns.
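The scoping rules in steps 1 to 4, modelled as an added example (not Dome9 code and not its API): a field left unchecked acts as a wildcard, so each one widens what an exclusion hides. The class and field names, the sample data and the glob pattern syntax are assumptions; the page only states that entity name patterns are supported.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional

@dataclass(frozen=True)
class Finding:
    bundle: str
    rule: str
    account: str
    entity: str

@dataclass(frozen=True)
class Exclusion:
    bundle: str                    # step 1: a bundle is always selected
    rule: Optional[str] = None     # step 2: None = unchecked = every rule in the bundle
    account: Optional[str] = None  # step 3: None = unchecked = every cloud account
    entity: Optional[str] = None   # step 4: None = every entity, else a pattern (glob assumed)

    def matches(self, f: Finding) -> bool:
        return (f.bundle == self.bundle
                and self.rule in (None, f.rule)
                and self.account in (None, f.account)
                and (self.entity is None or fnmatchcase(f.entity, self.entity)))

    def open_scopes(self) -> list:
        """Scopes left unchecked; each one widens what the exclusion hides."""
        return [s for s in ("rule", "account", "entity") if getattr(self, s) is None]

def partition(findings, exclusions):
    reported, excluded = [], []
    for f in findings:
        (excluded if any(e.matches(f) for e in exclusions) else reported).append(f)
    return reported, excluded  # excluded findings are hidden, not deleted

# Constructed sample data: bundle, rule, account and entity names are made up.
FINDINGS = [
    Finding("bundle-a", "rule-bucket-logging", "prod", "logs-archive-01"),
    Finding("bundle-a", "rule-bucket-logging", "dev", "scratch-bucket"),
    Finding("bundle-a", "rule-open-security-group", "dev", "sg-test"),
    Finding("bundle-b", "rule-bucket-logging", "dev", "scratch-bucket"),
]
EXCLUSIONS = [
    Exclusion("bundle-a", "rule-bucket-logging", "dev", "scratch-*"),  # narrow
    Exclusion("bundle-a", "rule-open-security-group"),  # all accounts, all entities
]

if __name__ == "__main__":
    for e in EXCLUSIONS:
        print(e.rule, "unchecked:", e.open_scopes(), "hides", len(partition(FINDINGS, [e])[1]))
```

Listing exclusions by their unchecked scopes is a quick way to review which ones suppress findings more broadly than intended.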
Exclusions can be managed from the “Compliance & Governance” > Exclusions screen. You can review and manage all the existing exclusions.
Alerts, compliance reports and dashboards are affected by the exclusions. Compliance score calculations ignore the excluded findings. Excluded findings are hidden by default. Dedicated toggles let you show excluded findings for review purposes.
Note that excluded findings are not sent to external systems. They are not sent in email reports or AWS SNS notifications.
You can find more information in the Dome9 documentation: https://dome9.zendesk.com/knowledge/articles/360009263814
The exclusions mechanism is fully supported by APIs. You can manage exclusions through the APIs, and exclusion statistics are included in the findings retrieval. For more information: https://api-v2-docs.dome9.com/index.html#Dome9-API-Exclusion