You may want to create exceptions to exempt certain cloud resources from a particular control or temporarily change the status of a resource for a particular control from Failed to PassE (Pass with Exception).

For example, it may be the policy in an organization that the a particular cloud resource  is not allowed on any server or port. However, there could be a business need for the organization to provide an exception for one or more resources on a temporary basis. This may be required to support a custom application or other business need. You could use exceptions in such scenarios.

Create Exception

Here are quick steps to create an exception.

1. Go to Monitor tab. You'll notice a Search field above the controls list. Enter your search query for failed evaluations and click the required control in the search results to view the control evaluations. Show meShow me

Search query on monitor tab to view the failed evaluations for which you want to create exception.

2. Select the failed resource for which you want to create an exception and click Create Exception from the quick actions menu. Show meShow me

Choose the quick action menu to create the exception for the failed control evaluation

Note: The Create Exception option is available in the quick action menu only for resources with failed control evaluations (FAIL).

3. The Exception wizard is displayed. Provide the following details for the exception:

- Basis details such as name for the exception, reason to create the exception, an explanation, start and end date for the exception. Optionally, you could also provide the information regarding the security policy and procedure for which the exception is being created. Show meShow me

Basic details that you need to provide to create the exception

- Controls: The control for which the evaluation failed is auto-populated. Click Add More Controls to include more controls of the same resource type. Show meShow me

The control is auto-populated. You can always alter the controls associated with the exception

- Resource Information: The resource information provides details of the resources associated with the exception you are creating.

4. Review the information you provide for the exception and click Create Exception.

That’s it! The exception is created. The exceptions you create are listed in Exceptions tab. Go to Policy > Exceptions to view the list of all exceptions.

Once the exception is in ACTIVE status, the resource result immediately changes from Fail to PassE (Pass with Exception). The Exception Details section in Evidence displays all the exception details. The exception details are updated only when the exception status changes or on every connector run. Show meShow me

Resource result displaying pass with exceptin status and exception details.

See Exception Status to know more about the various status for exceptions

Want to know more?

Manage Exceptions