Scan report deliveries are notifications from CloudSploit that a new background scan has completed. You have full control over where those reports are sent. First, let's discuss the difference between a scan report delivery and an alert:
- Scan Report Delivery
- A "delivery" is a notification sent to an email or integration notifying you of the completion of a recent scan. These deliveries contain a summary of the findings in the form of a count of pass, warn, and fail results. If new risks were detected during the scan, this will be highlighted as well.
- An "alert" is a notification sent to an integration notifying you of a specific result for a specific plugin. For example, you can receive an alert if the plugin "Root Account In Use" enters a warn or fail state.
You can read about alert configuration here. This article will focus on deliveries and how they can be configured and customized for your accounts an integrations.
There are two categories of scan deliveries: personal and third-party. A personal delivery is your own personal settings around which reports you receive. A third-party scan delivery affects everyone in your organization who subscribes to the integration. For example, modifying the Slack delivery settings will affect everyone in that Slack channel.
Note: While everyone can customize their own personal delivery settings, only account and group admins can customize delivery settings for a third-party integration.
Scan Report Options
There are three levels of report deliveries that CloudSploit can send to both personal and third-party integrations:
- Send All Scan Reports
- Every scan report will be sent, even if the results are identical to the previous report. While this may result in an excessive amount of email, depending on the frequency of your scans and the number of AWS accounts you connected, it may be beneficial to enable for some integrations (e.g. Slack) where notifications are less obtrusive.
- Send All New Risk Reports Only
- Reports will be sent only when new risks are detected. This is the optimal balance between receiving too many emails and missing important results. CloudSploit recommends this setting.
- Send No Reports (can be overridden per-account)
- If you elect to receive no scan reports, you will not receive any notifications when new scans are run, even if those scans contain critical security results. If you select this option, you can selectively configure your scan report deliveries on a per-account basis.
Personal Delivery Settings
You can control exactly what reports are sent to your own email address. To configure these settings, navigate to the "Scan Deliveries" page and select the "Personal" tab.
From here, you will see that you have the three options listed above. If you select the third radio button, the table at the bottom will be enabled and you can configure report deliveries on a per-account basis.
Note: The settings in the table are respected only if the option to decide report deliveries on a per-account basis option is selected.
Third-Party Integration Settings
Integration delivery settings are configured much the same way as personal settings. You have the same three options for each integration as well as the ability to selectively deliver reports for certain accounts on a per-account basis.
To configure these options, navigate to the "Report Deliveries" page and select the "Third-Party Integrations" tab. From there, you'll see each integration with a drop-down option. Selecting the third option enables the "Edit" button on the right where per-account settings can be configured.