Between exclusions and disabling, Drata customers can configure the
'Monitoring' page to only flag items that are relevant for their specific company and configurations. But how do you know when to use each?
Exclusions: the test itself is relevant, but certain items within are not.
Exclusions example: database monitoring. I want the test to run everyday and catch potential databases in the future but this one specific database is ok to not be monitored, let me exclude it.
Disabling: the test itself isn't relevant because either the control isn't applicable to my company, or I am using something else to monitor or implement this control and don't need Drata to.
Disabling example: I don't need Drata's pre-built test to look for AWS WAF enabled, because I don't have WAF enabled on purpose since we use Cloudflare for that and can just take a screenshot of Cloudflare to satisfy this requirement during my audit.