View Reports
Click a report to display its details and available actions.
Actions
Run report is now deprecated, see On-Demand Compliance Scans for similar functionality.
Reports have the following actions:
- Copy to clipboard - Click the copy to clipboard icon (
) to copy the URL to your clipboard that you can send to others. - View in Dashboard - Click the view in dashboard icon (
) to open the report in the cloud compliance dashboard view (not available for all reports). If you want to manage exceptions, you must do this through the dashboard. - View history - View the previous reports to obtain the percentage of non-compliance and trends. Use the time range to filter reports between a certain time frame.
- Report info - Type, account, and the timestamp of when you configure the report.
- Status - Filter the report by policy status. For example, selecting Non-compliant displays only non-compliant policies and statistics for non-compliant resources and recommendations.
- Severity - Filter the report by the severity level of the policies.
Due to underlying AWS behaviors, AWS compliance report content for Identity and Access Management can be updated only every four hours. This means IAM assessments retain the same status if a new report is generated within four hours of the latest report.
For additional information, see Getting credential reports for your AWS account.
Overview
This report section contains information about the account, report time, severity counts, number of non-compliant recommendations and resources, and the number of recommendations and resources assessed and suppressed.
Recommendations
This report section lists recommendation groups and each recommendation's status (compliant/non-compliant/suppressed/manual), severity, number of resources affected and assessed.
Each recommendation has the following details:
| Column | Description |
|---|---|
| ID | Displays the unique identifier for the recommendation (links are not currently active). For the AWS CIS 1.4 Benchmark report, each AWS CIS 1.4 rule ID's corresponding Lacework policy ID is listed on AWS CIS 1.4.0 Benchmark. |
| Recommendation | Displays the description of the recommendation. |
| Status | Displays the status of the recommendation at the selected report date:  - During the assessment that occurred during the selected report run, this recommendation was not in compliance. It was in violation of the recommendation.  - During the assessment that occurred during the selected report run, this recommendation was in compliance.  - During the assessment that occurred during the selected report run, this recommendation was completely suppressed. Manual - There is no way to determine if the recommendation is in compliance because the configuration status cannot be retrieved. You may want to manually check compliance directly in your cloud account. Could Not Assess - Lacework encountered a problem while attempting to assess this recommendation, for example, the correct privileges have not been granted. For example, during compliance assessment, Lacework queries the AWS IAM credentials report and if it cannot be generated or assessed, potentially due to API behavior/backfire or rate, this status may result. |
| Severity | Displays the severity of the recommendation: Critical, High, Medium, Low or Info. |
| Affected | Displays the total number of resources assessed as non-compliant (in violation) for this recommendation. |
| Assessed | Displays the total number of resources assessed for this recommendation. |
Lacework correctly accesses the compliance status when you configure multiple AWS accounts to use a single CloudTrail associated with a single AWS organization, however, the Affected and Assessed counts may be reported as 0.
For example, under Logging, the AWS_CIS_2_1 - Ensure CloudTrail is enabled in all regions recommendation may be reported as compliant but Affected and Assessed counts report as 0.
Violations
This report section lists non-compliant resources for each recommendation and the following details:
- Severity
- Number of resources that passed or failed compliance and the number that were suppressed
- Resource
- Region (if applicable)
- Reason
View Previous Reports and Compliance Trends
Click Previous reports to see historical reports. Use the time range to filter reports between a certain time frame.
Each report contains the Compliance trends. This indicates whether the percentage of failed policies has decreased or increased since the last report.
Click on each historical report to view the report details.
View Report Information
Click Report info to view information about the report.
Filter Policies by Severity in a Report
You can filter the report by specific policy's severities such as Critical, High, Medium, Low, or Info.
From the Report information dialog, click on the Severity levels to enable or disable them. For example, view only Critical and High policies in the report by deselecting the other severity levels.
Filter Policies by Status in a Report
You can filter the report by a specific policy status such as Non-compliant, Compliant, Suppressed, Manual, or Could Not Access.
From the Report Info dialog, click on the Status dropdown and choose the policy status. For example, select Non-compliant to view only non-compliant policies in the report.