CTS Trackers Have Traces Encrypted
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
cts-kms-encrypted-check |
|
Identifier |
cts-kms-encrypted-check |
|
Description |
If a CTS tracker does not have trace encryption enabled, this tracker is noncompliant. |
|
Tag |
cts |
|
Trigger Type |
Configuration change |
|
Filter Type |
cts.trackers |
|
Configure Rule Parameters |
None |
Applicable Scenario
This rule ensures that the traces dumped by a CTS tracker to an OBS bucket are encrypted.
Solution
You are advised to enable trace encryption for the noncompliant trackers.
Rule Logic
- If a CTS tracker (disabled or enabled) does not have trace encryption enabled, this tracker is noncompliant.
- If a CTS tracker (disabled or enabled) has trace encryption enabled, this tracker is compliant.
Constraints
If an organization CTS tracker is involved, and this rule is triggered with a member account from this organization, there may be a lag of up to 24 hours in updating the evaluating results due to the delay in collecting tracker resources deployed by the organization administrator.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
