Skip to main content
All CollectionsMonitoringCustom Tests
Create custom test for Adaptive Automation
Create custom test for Adaptive Automation

Learn how to create and publish your custom test and view the PDF that the auditor has access to in order to learn about your custom test

Updated over 3 months ago

Learn how to create, publish, and edit custom tests. You can create your own tests on the Monitoring page to leverage the data Drata pulls from your systems to monitor your organization's needs. View the Role Administration & RBAC article to learn who has access to the Monitoring page.

Note: A tooltip within the app indicates if you have reached the maximum number of custom tests. If a published custom test has a draft version, both published and draft versions are considered one test.

Create custom tests

Note: All custom published or draft tests are run by Autopilot daily.

To create custom tests, go to your Monitoring page and select Create test. Enter the test details and continue. The test name and description are included in the daily generated evidence that auditors have access to.

Test names must be unique within your account.

After continuing, a draft of your test is created, and you are redirected to the Test Builder page.

On the Test Builder page, you can configure the details of the test and access additional resources before publishing it. You can create your custom test on either the Builder tab or Advanced editor tab. In general, the main sections on the Test Builder page are Logic details and Condition Group.

  • Builder tab: Create simple custom tests that do not need access to properties (or data) within an array.

  • Advanced editor tab: Create more complex tests. With this tool, you can design tests to assess nested properties within arrays and other intricate data structures.

    • Before diving into the Advanced Editor, we recommend familiarizing yourself with the overall process of creating custom tests. Comprehensive documentation on the complete flow of custom tests is available on this page. However, if you’re ready to explore the Advanced Editor in detail, go to Advanced editor in the Test Builder help article to learn more.

To understand the types of data each resource contains, you can utilize our Resource Guide. For more information about the Resource Guide, go to Resource Guide for custom tests.

Logic details

ℹ️ Note: The Logic details section must be configured in order for you to continue building out the rest of your test. After entering the required details within the Logic details, the rest of the test will be displayed.

For the logic details section, select the evaluation threshold.

  • All results must pass: (Recommended) This means every condition group you've configured in the Test Builder must pass for the overall test to pass.

  • At least one result must pass: This means only one of the condition groups you've configured in the test builder must pass for the overall test to pass.

  • Only one result may fail: This means only one condition group can fail (with the rest passing) for the overall test to pass.

Select a provider and accounts to move on to the next steps.

Condition Group

For each condition group, select a resource you want your test to evaluate.

The available resources depend on what provider was selected in the previous section, Logic details, and what service was selected under the Condition Group section.

After selecting a resource, you can configure the conditions and add additional filtering criteria.

  • The condition fields are: attribute, operator, and value. The options in your attributes are pulled from your account. Select an attribute, then an operator, and then a value.

  • The filtering criteria is where you can configure what is included or excluded in the condition group.

You can add multiple condition groups, filtering criteria, and conditions.

Resource availability note: Once all of the available resources for a given service have been utilized, that service will no longer appear as service option for the next condition group you add.

For example, if the Redshift service available resource was RedshiftCluster and the RedshiftCluster was used in a condition group, the next condition group you create will not display Redshift as an option for services.

Resource automatically resetting note: After selecting all of the configurations for a test, if you then update the service to anything other than "All services" or the resource, the rest of the test will reset and you will have to enter the new configurations details based on the newly selected filters.

Tags or labels

For certain resources, Drata also pulls in the tags or labels. You can use these attributes in your conditions or as a filtering criteria. Select the attribute depending on the provider you selected.

  • AWS: !Tags

  • GCP: !Labels

  • Azure: !Tags

Now, you can select the operator. After selecting the operator, you can enter the key name that is associated with the tag or label. For example, in the following image, we configured a test for a Buckets resource in AWS to verify if Encryption exists on all buckets, but we want to exclude all the buckets that contain a tag with key “{your key name}”.

Note: Custom tag properties only evaluate the information in the key, not the value.

Another example is when you have tagged certain resources with DrataExclude so that you can filter those resources out on your existing Drata tests, you can include DrataExclude in the value so that you exclude those resources out as well.

After you set your configurations, save the draft and continue. You will be redirected to that test drawer. The test is still a draft test.

Once a test is in draft mode, an initiation of an autopilot run so that you can view the results of your draft test. The test runs are logged on the Event Tracking page as Autopilot Draft Test types.

Draft test overview

To view your draft tests:

  1. Go to Monitoring page.

  2. Select the Drafts tab on the table.

  3. These are all of your drafts test.

The test details drawer has the following sections.

  • Test info: Includes Test name, description, status, and test logic. The test name also indicates if this is a draft test. The test status indicates whether the test is running.

    • Test logic: Includes the condition group details, last date of modification, and ability to edit test logic only for enabled or disabled custom tests. A test cannot be edited during testing or unused state

    • Status: Enabled or disabled status. If all of the AWS connections are disconnected in drata, all custom test status is set to "unused". At least one of the AWS connections must be reconnected and the tests' status is set to "disable".

  • Last test result: The status of the last test result and when it was tested.

  • Ticket management: Once published, includes the ability to create tickets. You cannot create and map tickets in a draft test.

  • Test history: Includes the raw test evidence. Select See Raw Test Evidence button to view the logs in the Event Tracking page and filtered for only the results for that test.

  • Control info: Once published, includes the ability to map controls. You cannot map controls in a draft test.

    • This ensures that creating a draft test does not impact your compliance posture.

  • Internal notes: Includes the ability to add comments from others for better collaborative notes.

Troubleshoot failed test result

After the test runs, your test result might have failed. You can include or exclude resources that might have failed your test. Select the resources to exclude and then submit your reasons.

An excluding tab will appear next to the included tab that shows all of the excluded resources.

Publish custom test

To publish the test, select publish test. When you publish your test, the test history and internal notes will not carry over. The test logic and exclusions will carry over

After publishing the test, the test name will not have the draft indicator. With the published test, you can create tickets under the Ticket management section and map controls under Control info.

PDF version of your custom test for auditors

  1. Select the See Raw Test Evidence button under Test history on your test details drawer to view the related log in the Event Tracking page.

    • Or, you can also go directly to the Event Tracking page and search for your event log.

  2. Select the related event and download the Raw Evidence and Event Details .pdf.

A PDF is downloaded and contains information about your custom test. Here is an example of what the PDF can look like:

The PDF contains the daily evidence that is generated from autopilot and includes important information like exclusions of resources, the reason for exclusion, test logic in JSON format, and the raw JSON response for the test.

Edit your custom test

To edit your custom test, go to Edit your custom test for adaptive automation.

Example workflow

Did this answer your question?