Drata

Between exclusions and disabling, Drata customers can configure the 

'Monitoring' page to only flag items that are relevant for their specific company and configurations. But how do you know when to use each?

Exclusions: the test itself is relevant, but certain items within are not.

Exclusions example: database monitoring. I want the test to run everyday and catch potential databases in the future but this one specific database is ok to not be monitored, let me exclude it.

Disabling: the test itself isn't relevant because either the control isn't applicable to my company, or I am using something else to monitor or implement this control and don't need Drata to.

Disabling example: I don't need Drata's pre-built test to look for AWS WAF enabled, because I don't have WAF enabled on purpose since we use Cloudflare for that and can just take a screenshot of Cloudflare to satisfy this requirement during my audit.

When should you use each option within Drata?

Exclusions vs. Disabling a Test

Find answers and get help from Intercom Support and Community Experts

Empty Help Center

Uh oh. That page doesn’t exist.

Disappointed

Neutral

Smiley

Title

Track the progress of all tickets related to your company.

Tickets portal.

{assigneeName} needs more information from you