⚠️ Select your experience
The steps depend on your interface version. Select a link to skip to the instructions for your version.
Customers who joined Drata on or after Feb 24, 2026 are automatically on the New Experience.
Instructions for the New Experience ⬇️
Monitoring helps you review test results and maintain audit readiness across frameworks such as SOC 2, ISO 27001, and HIPAA. It provides visibility into the status of every test in your workspace so you can track readiness and take corrective action when needed.
Mapped vs unmapped tests
Each test in Monitoring can be either mapped or unmapped to a control.
Mapped tests
Tests that are connected to one or more controls. Their results impact control readiness and any frameworks linked to those controls.
Example: An MFA test mapped to SOC 2 CC6.1. If the test fails, the control is not ready and your SOC 2 readiness score reflects the gap.
Unmapped tests
Tests that are not connected to any control. Their results do not affect readiness scores but still provide visibility into risk areas you may want to map later.
Prerequisites
Must have one of the following Drata RBAC roles:
Admins
Information Security Leads
Workspace Managers
Control Managers
DevOps Engineers
Users with these roles may be assigned read-only access by an admin. If you have read-only access, you can view Monitoring data but cannot make changes.
Navigate to Monitoring
From the main navigation, go to: Compliance → Monitoring
The Monitoring page has two tabs: Production and Codebase.
Production vs Codebase
The Monitoring page has two tabs that show different compliance tests in your workspace.
Tab | Description |
Production | Shows tests that run against your connected business systems. These often include identity providers (Okta, Azure AD), cloud infrastructure (AWS, GCP, Azure), security tools, and HR platforms. |
Codebase | Shows compliance tests that scan connected code repositories using infrastructure-as-code (IaC) analysis. These detect misconfigurations, missing guardrails, and policy violations early in development. |
Monitoring summary (Production)
At the top of the Production tab, a summary of test results across your connected systems is displayed. Draft tests (tests that are not published) are not included in these metrics.
Metric | Description |
% of tests passed | Percentage of tests that passed their last run |
Passed tests | Tests currently compliant |
Failed tests | Tests that require remediation |
Error tests | Tests that could not complete their run |
Monitoring summary (Codebase)
The Codebase tab displays security and compliance test results from your connected code repositories.
Metric | Description |
Repositories monitored | Number of connected repositories being scanned |
Failed tests | Number of code-level tests that failed |
Passed tests | Number of successful tests |
Explore the test table
Note: The Codebase tab uses the same table and actions.
Column | Description |
Name | Test name with a Draft label if applicable. |
Result | Latest test outcome (Passed, Failed, Error). |
Findings | Number of issues identified for this test. |
Status | Whether the test is Enabled, Disabled, or Testing… |
Category (Production tab only) | Type of test (Device, Identity Provider, Infrastructure, Policy, etc.). |
Active connection (Production tab only) | Integration connected to the test (for example, Okta, AWS, GitHub). |
Take bulk actions
Action | Description |
Test now | Run the selected tests immediately. |
Enable | Turn on the selected tests so they run daily with Autopilot. |
Disable | Turn off the selected tests if they are not relevant. |
More > Download CSV | Export test details for record-keeping or auditor review. |
Select one or more tests using the checkboxes in the test table.
Choose the action you want to perform.
Filter and Search Tests
New: Highlights newly added tests.
Result: Passed, Failed, Error.
Status: Enabled, Disabled, Unused, Testing.
Category (Production tab only): Device, Identity Provider, Infrastructure, Policy, etc.
Type (Production tab only): Drata, Custom Draft, Custom Published.
Exclusions: Filter tests which have exclusions.
Connection (Production tab only): Select a connection.
Control: Select a control to filter which tests are mapped to that control.
Framework: Select a framework to filter which tests are mapped to that framework.
Tickets: In progress or done.
Instructions for the Classic Experience ⬇️
The Monitoring page provides a single place to view the status of your security controls.
To view a guided walkthrough of Monitoring, watch the Monitoring Video Tutorial (Drata login required).
Prerequisite
Admins, Information Security Leads, DevOps Engineer, Workspace Managers, and Control Managers can access this section within Drata.
Access Monitoring page
Select Monitoring from the left navigation menu to access this page.
At the top of the Monitoring page, you can view the overall summary which includes percentage of Tests Passed, number of Failed Tests, and number of Passed Tests.
You can also filter your tests based on the test's result, status, category, type, and other parameters.
"New" Test filter
New tests that Drata released for the first time will be highlighted as "New" for 45 days before the "New" highlight is removed.
Result filter
Passed: Drata has captured all necessary data and determined the required conditions are being met.
Failed: Drata has captured all necessary data and determined the required conditions are not being met.
Error: The test ran into an issue that prevented Drata from capturing necessary data.
Status filter
Enabled: The test is enabled and will run daily with autopilot or can be run manually.
Disabled: The test is disabled and will not run with autopilot nor can it be run manually.
Unused: A connection that is required to run this test is missing, or no policy drafts have been started.
Category filter
Device: Filter for tests that monitor device compliance.
Identity Provider: Filter for tests that monitor authentication and authorization compliance requirements like MFA usage.
In Drata: Filter for tests that monitor items within Drata.
Infrastructure: Filter for tests that monitor infrastructure-related compliance requirements.
Observability: Filter for tests that verify for the correct configurations of infrastructure tools.
Policy: Filter for tests that monitor and automatically verifies for the required policy's existence, review, or acknowledgment.
Version Control: Filter for tests that monitor codebase-related requirements.
Ticketing: Filter for tests that can be powered by a ticketing integration like Jira.
Type filter
Drata: Filter for tests that Drata offers out-of-the-box.
Custom (published): Filter for custom tests that are published.
Custom (draft): Filter for custom tests that are drafts.
Exclusion filter
Use the "Has exclusions" filter to find tests with findings that were excluded from evaluation and results.
Control filter
Use this filter by searching and selecting controls to see which tests map to those controls.
Framework filter
Use this filter by searching and selecting framework(s) to see which tests correlate to which framework through the test's → control → requirement → framework mapping.
Tickets filter
Note: Only available if you are using a ticketing connection with write-enabled.
Use this filter to see which tests have "In progress" or "Done" tickets linked to them from your ticketing connection.
Test table overview
Name: The name of the test.
Result: The latest result of the test from its last run.
Findings: The number of failing findings for a test.
Status: The status of the test represented as a toggle.
Category: The category that the test belongs to.
Active connection: The connection(s) that the test is running on and monitoring.
The Fix error button indicates that the test encountered an issue preventing Drata from capturing the necessary data.
The Fix failure button indicates that Drata has captured all necessary data but determined that the required conditions are not being met.
⚠️ Note: Device-related tests on the Monitoring page apply only to employee devices. If a contractor fails a device-related check (such as the Password Manager check), this will not be reflected on the Monitoring page.
Bulk actions
Test now: This action will run all the selected tests.
Enable: This action will enable all the selected tests.
Disable: This action will disable all the selected tests.
Download CSV: This action will download all the selected tests into a CSV file.
Select the desired tests by using the checkbox on the left-hand side of the table.
If you would like to bulk select all the tests displayed on the page, select the checkbox in the column header.
Select the Select all <#> tests button.
Once a test has been selected, the More actions button to perform bulk actions will appear.
NOTE: You can use search or apply filters to get to a subset of tests before selecting and performing bulk actions. If you select tests and then update your search or filter, the tests you selected previously will remain selected.