Adaptive Automation allows you to create customizable tests so that you can automate gathering evidence and monitoring your systems for your unique compliance program. Adaptive Automation also provides service coverage for AWS, GCP, and Azure. All tests are thoroughly documented to ensure your auditors have a clear understanding of your tests.
Here are some common and popular use cases for custom tests:
Create custom tests and map our pre-built Drata controls to monitor your organization’s unique compliance needs.
Create custom tests to automate the monitoring of controls that were manually monitored.
Create custom tests to automate the monitoring of your custom security and compliance controls.
To get started, view the Create Custom Test For Adaptive Automation article for step-by-step instructions.
Create and map custom test to DCF
Build custom tests that are tailored to your compliance needs and map those tests to our pre-built Drata controls for full customization and control automation. The following sections showcase examples of custom tests that fulfilled compliance needs and utilized DCF.
Monitor the status of daily backups
You can create a custom test to verify if the backup jobs configured in AWS Backup were executed daily.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter BackupJobs
AWS BackupJobs is a resource that allows you to configure backup policies and monitor backup activity for AWS resources in one place.
Attribute: Enter State
Operator: Select Equals
Value: Enter COMPLETED
After you publish the custom test, make sure to map DCF-98 (Daily Backup Statuses Monitored) to your test.
Review user access privileges
You can create a custom test to verify user access reviews and to monitor service-level roles if applicable.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
For this example, the provider is “AWS”, but GCP is also a common provider for reviewing user access privileges.
Resource: Enter Lambda
You can also enter any AWS or GCP resource exposing roles such as AWS Lambda, EC3 and S3.
Attribute: Enter Role
Operator: Select Equals
Value: Enter an associated “ARN”
After you publish the custom test, make sure to map DCF-11 (Periodic Access Reviews) to your test.
Verify deployment for anti-malware solution
Create a test to verify for deployment of an anti-malware solution to maintain security compliance.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter GuardDuty
AWS GuardDuty is a service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts, workloads, and data.
In this example, AWS GuardDuty fulfills this role for AWS services, providing essential security functions.
Attribute: Enter
detector.DataSources.MalwareProtection.ScanEc2InstanceWithFindings.EbsVolumes.Status
Operator: Select Equals
Value: Enter ENABLED
After you publish the custom test, make sure to map DCF-291 (Anti-Malware on All System Components) to your test.
Verify for alerting system regarding critical failures
Create a test to verify if there is an alerting system in place to let your personnel know of critical failures.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter CloudTrail
AWS CloudTrail is a service that provides logging, monitoring, and retain account activity across AWS infrastructure. CloudTrail SnsTopic has the notification categories for alerts.
Attribute: Enter
SnsTopicName
Operator: Select Equals
Value: Enter
EnvironmentTrailNotification
Name
After you publish the custom test, make sure to map DCF-444 (Critical Security Control System Failure Alert) to your test.
Verify configuration of security parameters
Create a test to verify if security parameters are configured and in place to prevent misuse, and to ensure the configuration of resources are monitored.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter ConfigRules
AWS ConfigRules evaluates the configuration settings of AWS resources.
Attribute: Enter
ConfigRuleState
Operator: Select Equals
Value: Enter ACTIVE
After you publish the custom test, make sure to map DCF-244 (System Security Parameters in Configuration Standards) to your test.
Create custom tests for automate monitoring controls
Create custom tests to automate the monitoring of controls that were manually monitored. Refer to the following sections for examples.
Validate if threat detection system is enabled
Create a test to verify that logging and monitoring are enabled in your AWS GuardDuty instance.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter GuardDuty
AWS GuardDuty is a service that continuously monitors for malicious activity and unauthorized behavior to protect AWS accounts, workloads, and data.
Attribute: Enter
detector.datasources.S3logstatus
Operator: Select Equals
Value: Enter ENABLED
After you publish the custom test, make sure to map DCF-87 (Threat Detection System) to your test.
Ensure data is encrypted
Create a test to verify that the data stored by AWS Redshift are encrypted.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter RedshiftClusters
AWS Redshift is a fully managed cloud data warehouse.
Attribute: Enter
cluster.Encrypted
Operator: Select Equals
Value: Enter TRUE
After you publish the custom test, make sure to map DCF-54 (Encryption at Rest) to your test.
Verify authentication for version control system
Create a test to verify that basic authentication is enabled for all the repos in AWS CodeBuild.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter SourceCredentials
AWS CodeBuild is a fully managed, continuous integration service that compiles source code, runs tests, and produces ready-to-deploy software packages.
Attribute: Enter
authType
Operator: Select Equals
Value: Enter OAuth
After you publish the custom test, make sure to map DCF-4 (Version Control System) to your test.
Verify load balancers across availability zones
Create a test to verify that load balancers are used across availability zones in your AWS account.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter ElasticLoadBalancingV2
AWS ELBv2 is a load balancing service that includes ALB and NLB.
Attribute: Enter
AvailabilityZones.length
Operator: Select Greater Than
Value: Enter 1
After you publish the custom test, make sure to map DCF-96 (Load Balancer) to your test.
Create custom test for automate monitoring security and compliance controls
Create custom tests to automate the monitoring of controls that were manually monitored. Refer to the following sections for examples.
Verify AutoScaling policies are enabled
Create a test to verify that the appropriate AutoScaling policies are in place in your account.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter ApplicationAutoScalingPolicies
AWS AutoScaling is a service that monitors applications and automatically adjusts capacity according to demand.
Attribute: Enter
StepScalingPolicyConfiguration
Operator: Select Exists
Value: Enter TRUE
After you publish the custom test, make sure to map a custom control to your test.
Verify AutoScaling policies are enabled
Create a test to verify that your infrastructure logs are encrypted.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter CloudTrail
AWS CloudTrail is a service that provides logging, monitoring, and retain account activity across AWS infrastructure.
Attribute: Enter
KmsKeyId
Operator: Select Exists
Value: Enter TRUE
After you publish the custom test, make sure to map a custom control to your test.
Verify AutoScaling policies are enabled
Create a test to verify that termination protection is enabled for the customer’s EMR clusters.
Go to the Monitoring page and select Create test.
Add a descriptive Test name and Description.
Select the following configurations when building the test.
Provider: Select AWS
Resource: Enter EMRClusters
AWS EMR is a platform for running large-scale distributed data processing jobs, interactive SQL queries, and machine learning applications.
Attribute: Enter
AutoTerminate
Operator: Select Equals
Value: Enter TRUE
After you publish the custom test, make sure to map a custom control to your test.