Automations verify the security configurations of your assets, save you time on manual reviews, and contribute to your evidence catalog for later reference during each audit. They harness data from integrations and API events to ensure that when something is wrong in the real world, you’re notified.
Automations are pre-configured based on the integrations you have. For example, if you install an integration for Code Repos, you will receive an automation that ensures all code is reviewed before deployment. So for each Code Repo which is exposed by your integrations, you will receive a Passing or Failing result for the automation. These results can viewed on the Automations tab in the Audits dropdown navigation.
For information on the specific automations enabled for each of our integrations, please view the Integrations Overview section.
One outcomes of automations, regardless of what was found is evidence. The automation will generate evidence and apply a status to it of either "OK" or "Issue".
If an automation finds an issue in addition to the evidence Comply will also automatically generate an issue.
Scoping Automations to Specific Assets
Using Asset Tags you're able to narrow the scope of what assets an automation will apply to. For example, you may want to tag AWS resources as 'marketing' and others as 'engineering' and only apply automations to the 'engineering' resources. Simply edit an automation and select the tags to apply that automation to in the Scope dropdown.
Creating your own Automation
You can create your own Automation by clicking the "Create Automation" button in the top-right corner of the screen.
Creating an Automation allows you to create any Evidence and monitor for any Issues that your heart desires. Automations work by processing Events that come from either our turnkey integrations or the Events API. Learn more about Events and Automations and our Event API.
When creating an automation, simply specify the Event Type that Comply should expect on the Event, and then specify the "OK" and "Log as Issue" tags that Comply should examine to categorize the event.
All the same Automation configurability as you'd expect on our Turnkey automations are still present, such as:
- Ability specify who should respond to Issues
- Ability to map output to Controls
Updated about 2 years ago