Rules

Last updated: 20 March 2026

Purpose: The Alert Rules feature enables users to create custom security rules using natural language-driven queries. These rules help monitor your cloud environment and trigger alerts based on specific conditions. You can create your own user-defined custom rules or choose from CloudSPX’s managed predefined rules based on your preference.



Steps for creating custom managed rules:


Go to the "Rules" Section: From the main navigation, open the Rules section.

Click on "Add Rule": Begin creating a new alert by selecting the Add Rule button.

Fill in the Rule Creation Form

  • Select your cloud provider.
  • Choose the account you want the rule to be applied to.
  • Select AWS Services: Choose from the list of supported AWS services relevant to your rule.
  • Provide an S3 Bucket Link (Optional): If applicable, you can enter an S3 bucket URL.
  • Describe the Security Rule: Use natural language to define the condition you'd like to monitor (e.g., "Detect public RDS instances").
  • Wait for Rule Generation: Bourntec’s Gen-AI will process your input, generate the required queries, and test them in your environment.


Review Generated Tabs

After processing, three tabs will appear:

  • Query Result: Shows detailed scan output.
  • Athena Query: Displays the SQL query used for detection.
  • Remediation Steps: Lists recommended actions to resolve the issue.
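
As an aid to reviewing the Athena Query tab, here is an added example (not CloudSPX output and not the product's own query) of what a detection query for the "Detect public RDS instances" description could look like. The table `rds_db_instances` and all of its column names are hypothetical, assumed to hold one row per instance per inventory snapshot.

```sql
-- Added example. Hypothetical schema: rds_db_instances holds one row per
-- RDS instance per inventory snapshot; column names are assumptions.
WITH latest AS (
    SELECT
        account_id,
        region,
        db_instance_identifier,
        engine,
        publicly_accessible,
        storage_encrypted,
        captured_at,
        -- Rank snapshots so that rn = 1 is the newest row for each instance.
        ROW_NUMBER() OVER (
            PARTITION BY account_id, region, db_instance_identifier
            ORDER BY captured_at DESC
        ) AS rn
    FROM rds_db_instances
)
SELECT
    account_id,
    region,
    db_instance_identifier,
    engine,
    storage_encrypted,
    captured_at
FROM latest
WHERE rn = 1                      -- evaluate only the most recent snapshot
  AND publicly_accessible = true  -- the condition from the rule description
ORDER BY account_id, region, db_instance_identifier;
```

When reviewing a generated query, check that it evaluates the current state of each resource, as the `rn = 1` filter does here. A query that scans every historical snapshot keeps alerting on instances that have already been remediated.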


Set Severity Level: Select the appropriate severity (e.g., Low, Medium, High) for the alert.

Click "Add Rule": Save and activate the rule by clicking the Add Rule button.


Manage Alert Rules

In the Alert Rules Table, you’ll see a list of all defined rules.

Use the Actions button to activate or deactivate any rule.

You can also select Show Remediation if further action is needed.

Select the platform filter to view rules specific to your desired cloud provider.

Use the filter to view CloudSPX managed rules, custom managed rules, or select All to see both.