All Collections
Control Monitoring
Adaptive Automation
Create custom test for Adaptive Automation
Create custom test for Adaptive Automation

Learn how to create and publish your custom test and view the PDF that the auditor has access to in order to learn about your custom test.

Jane Baik avatar
Written by Jane Baik
Updated this week

Learn how to create, publish and edit custom tests. You can create your own tests on the Monitoring page to leverage the data Drata is pulling from your systems to monitor what your organization needs. View the Role Administration & RBAC article to learn who has access to the Monitoring page.

Note: A tooltip within the app will indicate if you have reached the maximum amount of custom tests. If a published custom test has a draft version, both published and draft versions are still considered one test.

Create custom tests

Note: All custom published or draft tests are run by Autopilot daily.

To create custom tests, go to your Monitoring page and select Create test. Enter the test details and continue. Test name and description is included in the daily generated evidence that auditors have access to.

Test names must be unique within your account.

After continuing, a draft of your test is created, and you are redirected into the Test Builder page.

In the Test Builder page, you can configure the details of the test before you publish the test. The Test Builder page has two sections: Logic details and Condition Group.

Logic details

For the logic details section, select the evaluation threshold.

  • All results must pass: (Recommended) This means every condition group you've configured in the test builder must pass for the overall test to have a passing result.

  • At least one result must pass: This means only one of the condition groups you've configured in the test builder must pass for the overall test to have a passing result.

  • Only one result may fail: This means only one of the condition groups can fail (with the rest passing) for the overall test to have a passing result.

Select a provider to move onto the next steps. Ensure to select the desired accounts as well.

Condition Group

For each condition group, select a resources. The resource's come from the provider you selected. After selecting a resource, you can configure the conditions and add additional filtering criteria.

  • The condition fields are: attribute, operator, and value. The options in your attributes are pulled from your account. Select an attribute, then an operator, and then a value.

  • The filtering criteria is where you can configure what is included or excluded in the condition group.

You can add multiple condition groups, filtering criteria, and conditions.

Tags or labels

For certain resources, Drata also pulls in the tags or labels. You can uses these properties in your conditions or as a filtering criteria. Select the attribute depending on the provider you selected.

  • AWS: !Tags

  • GCP: !Labels

  • Azure: !Tags

Now, you can select the operator. After selecting the operator, you can enter the key name that is associated with the tag or label. For example, in the following image, we configured a test for a Buckets resource in AWS to verify if Encryption exists on all buckets, but we want to exclude all the buckets that contain a tag with key “{your key name}”.

Note: Custom tag properties are only evaluating the information in the key, not the value.

Another example is when you have tagged certain resources with DrataExclude so that you can filter those resources out on your existing Drata tests, you can include DrataExclude in the value so that you exclude those resources out as well.

After you set your configurations, save the draft and continue. The test is still a draft test.

Draft test overview

You should see a test details drawer and an initiation of an autopilot run so that you can see your draft test results. These test runs are logged on the Event Tracking page as ‘Autopilot Draft Test’ types.

The test details drawer has the following sections.

  • Test info: Includes Test name, description, status, and test logic. The test name also indicates if this is a draft test. The test status indicates whether the test is running.

    • Test logic: Includes the condition group details, last date of modification, and ability to edit test logic only for enabled or disabled custom test. A test cannot be edited during testing or unused state

    • Status: Enabled or disabled status. If all of the AWS connections are disconnected in drata, all custom tests' status is set to "unused". At least one of the AWS connections must be reconnected and the tests' status is set to "disable".

  • Last test result: The status of the last test result and when it was tested.

  • Ticket management: Once published, includes the ability to create tickets. You cannot create and map tickets in a draft test.

  • Test history: Includes the raw test evidence. Select see raw test evidence to view the logs in the Event Tracking page and filtered for only the results for that test.

  • Control info: Once published, includes the ability to map controls. You cannot map controls in a draft test.

    • This ensures that creating a draft test does not impact your compliance posture.

  • Internal notes: Includes the ability to add comments from others for better collaborative notes.

Troubleshoot failed test result

After the test runs, your test result might have failed. You can include or exclude resources that might have failed your test. Select the resources to exclude and then submit your reasons.

An excluding tab will appear next to the included tab that shows all of the excluded resources.

Publish custom test

To publish the test, select publish test. When you publish your test, the test history and internal notes will not carry over. The test logic and exclusions will carry over

After publishing the test, the test name will not have the draft indicator. With the published test, you can create tickets under the Ticket management section and map controls under Control info.

PDF version of your custom test for auditors

You can select the ‘see raw test evidence’ under Test history on your test details drawer to view the related log in the Event Tracking page or go to the Event Tracking page and search for your event log. Select the related event log and download the Raw evidence and Event Details pdf.

A PDF is downloaded and contains information about your custom test. Here is an example of what the PDF can look like:

The PDF contains the daily evidence that is generated from autopilot and includes important information like exclusions of resources, the reason for exclusion, test logic in JSON format, and the raw JSON response for the test.

To edit your custom test, go to Edit your custom test for adaptive automation.

Example workflow

Did this answer your question?