Governance
Policies that improve the configuration of your assets to increase performance, usefulness, and security. Use KICS built-in policies or create your own.
After integrating your data source(s), Firefly uses KICS to scan your assets and discover vulnerabilities. KICS queries are written in Rego and are organized into the following categories:
Access Control
Availability
Backup
Best Practices
Build Process
Encryption
Insecure Configurations
Insecure Defaults
Networking and Firewall
Observability
Resource Management
Secret Management
Structure and Semantics
Supply-Chain
Policies you create using the Rego language to monitor and improve the configuration of your assets.
Select Governance > + Custom Policy.
Enter a descriptive name in the Name field.
Select a category or create a new one > Add.
If using AI, select only one data source and asset type.
Select the Severity.
TRACE: Information used for debugging
INFO: General information about system operation
LOW: Minor issues with a slight impact
MEDIUM: Moderate risk
HIGH: Significant risk requiring immediate attention
CRITICAL: Severe issues needing urgent resolution.
Select the data source(s).
Select the asset type(s).
Enter a description in the Policy description field. For example:
instance of type in t family
instance has instance_state stopped
Auto Scaling Groups with a single AZ
elastic ip that have empty association_id
(Optional) Select Generate with Thinkerbell AI.
Select an asset and use the INPUT SCHEMA to construct your rule in the Firefly Rego Playground.
In the expression, input represents an asset. To access an asset attribute, write input.<attribute name>. For example:
input.instance_type == "t2.micro"
The code in the Rego Playground must contain conditions that result in a Boolean value. These conditions determine whether the asset matches the rule.
To view the assets that match your rule from the Rego code you created, select Evaluate.
SELECT ASSET: scope of assets according to your selection in the Insight Details.
INPUT SCHEMA: configuration of the rule you created.
MATCHING RESULTS: assets that match your rule.
To send a notification to your notification tool or email, select the checkbox and destination.
Select Create when the MATCHING RESULTS section displays the assets you want included in your rule.
To improve your rule, examine the code from the INPUT SCHEMA. Verify that all attributes match the schema described in the INPUT SCHEMA.
Change the scope of the data source and asset you selected above.
Try selecting a different asset or adjusting the rule in the Rego Playground.
Apply the following filters to view details about your asset:
Frameworks: Structured set of compliance guidelines
Categories: Policy type
Providers: Integrated service providers
Data Sources: Information resources
Scopes: Range of resources
Severities: Severity of the policy violation according to risk
Production: Assets in the production environment
Violating Assets: Assets that violate the policy
Notifications: Notification enabled for the policy
Enabled: Policy detection is enabled to locate matching assets
The Governance table presents detailed information about your assets and their policies, organized into the following columns:
Category: Policy type
Name: Name of the policy
Severities: Severity of the policy violation according to risk
Data Source: Integrated resource
Asset Types: Type of service or object provided
Insights: Recommendation for remediation
Compliance: Percentage of assets that passed the policy detection check
Violating Assets: Assets that violate the policy
Notification: Notification enabled for the policy
Enabled: Policy detection is enabled to locate matching assets
To view the assets that match the policy, select the kebab > View Assets.
To change the policy code, select the kebab > Edit Policy > Update.
To create a ticket in Jira, select Issue Ticket.
Firefly creates code to implement the improvements to your AWS assets that Firefly recommends. Run this code in your AWS CLI, and the desired changes are made automatically.
Select the kebab > Remediation.
Copy and run the commands in your AWS CLI.
Structured sets of guidelines and standards designed to systematically manage compliance, security, efficiency, and optimization.
A set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment.
A compliance framework developed by the AICPA that evaluates an organization's information systems relevant to security, availability, processing integrity, confidentiality, and privacy.
US legislation that provides data privacy and security provisions to safeguard medical information.
NIST
Guidelines, standards, and best practices established by the National Institute of Standards and Technology at the US Department of Commerce. The NIST Cybersecurity Framework helps businesses better understand, manage, and reduce their cybersecurity risk and protect their networks and data.
A term referring to the unnecessary or inefficient use of cloud resources, leading to excess costs. Practices and tools aimed at reducing cloud waste focus on optimizing resource utilization and cost management.
Policies that identify resources which are lacking the appropriate tags.
The configuration in the must contain the Firefly keyword:
firefly { }.
This keyword determines whether the asset matches the rule.
The Rego language supports expressions and conditionals.
Copy one of the input assets, and use the to troubleshoot until your code is correct.
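A custom policy of the kind described above, written for the page's example description "elastic ip that have empty association_id" (an added example, not Firefly's own code). It assumes the playground accepts a package line and standard Rego helper rules; `firefly_example`, `unassociated` and `stopped_t_family` are hypothetical names, while `association_id`, `instance_type` and `instance_state` are the attributes used in the page's own examples.

```rego
# Added example. The package name is hypothetical; OPA needs a package
# line when this file is evaluated outside the playground.
package firefly_example

# The asset matches the rule when the firefly body evaluates to true.
# Scope this policy to the Elastic IP asset type in the UI: the rule itself
# cannot tell asset types apart, so on other asset types a missing
# association_id would also match.
firefly {
    unassociated
}

# "Empty" can take three shapes in an asset document. Bodies that share a
# rule name are ORed, so any one of them is enough.

# 1. The attribute is absent (or false): the reference is undefined,
#    and `not` turns undefined into true.
unassociated {
    not input.association_id
}

# 2. The attribute is present but null.
unassociated {
    input.association_id == null
}

# 3. The attribute is an empty or whitespace-only string. A string is
#    never "falsy" in Rego, so case 1 does not cover this.
unassociated {
    trim_space(input.association_id) == ""
}

# Helper for a separate policy scoped to instances, combining the page's
# "instance of type in t family" and "instance has instance_state stopped".
# Expressions in one body are ANDed; if either attribute is missing the
# body is undefined and the asset does not match.
stopped_t_family {
    regex.match(`^t[0-9]`, input.instance_type)
    input.instance_state == "stopped"
}
```

To use the instance check instead, replace the `firefly` body with `stopped_t_family` and select the instance asset type for the policy.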
After integrating your Google Cloud account, we retrieve Google Cloud Insights directly from your projects. These insights identify potential risks in your asset configurations, enhance your security posture, and reveal significant patterns in resource usage. To utilize this feature, enable the .