Learn how to create, publish and edit custom tests. You can create your own tests on the Monitoring page to leverage the data Drata is pulling from your systems to monitor what your organization needs. View the Role Administration & RBAC article to learn who has access to the Monitoring page.
Note: A tooltip within the app will indicate if you have reached the maximum amount of custom tests. If a published custom test has a draft version, both published and draft versions are still considered one test.
Create custom tests
Note: All custom published or draft tests are run by Autopilot daily.
To create custom tests, go to your Monitoring page and select Create test. Enter the test details and continue. Test name and description is included in the daily generated evidence that auditors have access to.
Test names must be unique within your account.
After continuing, a draft of your test is created, and you are redirected into the Test Builder page.
In the Test Builder page, you can configure the details of the test before you publish the test. The Test Builder page has two sections: Logic details and Condition Group.
Logic details
For the logic details section, select the validation requirement.
All condition groups pass: (Recommended) This means every condition group you've configured in the test builder must pass for the overall test to have a passing result.
Only one condition group needs to pass: This means only one of the condition groups you've configured in the test builder must pass for the overall test to have a passing result.
Only one condition group can fail: This means only one of the condition groups can fail (with the rest passing) for the overall test to have a passing result.
The category, provider, and account is populated and cannot be edited.
Condition Group
For the condition group section, you can create up to 7 condition groups. This means that for one test, you can add up to 7 resources. Within each condition group, you can also have up to 3 nested conditions and add an additional filtering criteria to decide what is included or excluded in the condition group. To add a nested condition, select ‘+ Condition’. To add a filtering criteria, select ‘Add filtering criteria’.
For each condition group, select a resource out of the 44 AWS resources available. After selecting a resource, you can configure the conditions. The condition fields are: attribute, operator, and value. The attribute options are pulled from your data from your AWS account. The types of operators and values are based on the attribute that you select.
To add a filtering criteria for a condition group, select ‘Add filtering criteria’. After you set your configurations, save the draft and continue. The test is still a draft test. In the upcoming sections, you can select Publish to publish the test.
You should see a test details drawer and an initiation of an autopilot run so that you can see your draft test results. These test runs are logged on the Event Tracking page as ‘Autopilot Draft Test’ types.
The test details drawer has the following sections.
Test info: Includes Test name, description, status, and test logic. The test name also indicates if this is a draft test. The test status indicates whether the test is running.
Test logic: Includes the condition group details, last date of modification, and ability to edit test logic only for enabled or disabled custom test. A test cannot be edited during testing or unused state
Status: Enabled or disabled status. If all of the AWS connections are disconnected in drata, all custom tests' status is set to "unused". At least one of the AWS connections must be reconnected and the tests' status is set to "disable".
Last test result: The status of the last test result and when it was tested.
Ticket management: Once published, includes the ability to create tickets. You cannot create and map tickets in a draft test.
Test history: Includes the raw test evidence. Select see raw test evidence to view the logs in the Event Tracking page and filtered for only the results for that test.
Control info: Once published, includes the ability to map controls. You cannot map controls in a draft test.
This ensures that creating a draft test does not impact your compliance posture.
Internal notes: Includes the ability to add comments from others for better collaborative notes.
Troubleshoot failed test result
After the test runs, your test result might have failed. You can include or exclude resources that might have failed your test. Select the resources to exclude and then submit your reasons.
An excluding tab will appear next to the included tab that shows all of the excluded resources.
Publish custom test
To publish the test, select publish test. When you publish your test, the test history and internal notes will not carry over. The test logic and exclusions will carry over
After publishing the test, the test name will not have the draft indicator. With the published test, you can create tickets under the Ticket management section and map controls under Control info.
PDF version of your custom test for auditors
You can select the ‘see raw test evidence’ under Test history on your test details drawer to view the related log in the Event Tracking page or go to the Event Tracking page and search for your event log. Select the related event log and download the Raw evidence and Event Details pdf.
A PDF is downloaded and contains information about your custom test. Here is an example of what the PDF can look like:
The PDF contains the daily evidence that is generated from autopilot and includes important information like exclusions of resources, the reason for exclusion, test logic in JSON format, and the raw JSON response for the test.
To edit your custom test, go to Edit your custom test for adaptive automation.
Example workflow