Aqua CSPM scans are designed to be flexible and configurable for your environment and organizational requirements. At their core, scans consist of a series of plugins, which can each be customized in several ways.


Modifying Plugin Severity Levels

By default, each CSPM plugin has a built-in severity level, ranging from low to critical, which reflects the risk to the organization if the security control checked by that plugin is not properly implemented. For example, the risk of having an unencrypted S3 bucket may be "low" while having an S3 bucket exposed publicly may be "high."

However, plugin severity is a choice that can be made at the organization level and overridden in the Aqua. To do this:

  1. Log into the Aqua console and navigate to the Plugins page
  2. Locate the plugin you wish to modify and select the drop-down menu to its right. Click Change Severity.

  3. In the popup box, change the severity to the level you wish to use.

  4. Save.

Overriding Plugin Default Settings

Some CSPM plugins have extra settings that allow you to override the default behavior of the plugin itself. For example, a plugin that triggers a failure when a domain is expiring may allow you to define how many days prior to the domain's expiration the failure is triggered (with the default being "90").

To modify these settings:

  1. Log into the Aqua console and navigate to the Plugins page.

  2. Locate the plugin you wish to modify. If it has settings that can be changed, you will see a chart like the one below:

  3. Click Edit next to the setting you wish to change.

  4. In the popup box, apply a new setting either globally (to all of your cloud accounts) or to specific cloud accounts using the table.

  5. Note that global overrides will apply unless a per-account override is defined.

  6. Click Save.

Plugin Severity Rankings

Aqua CSPM assigns a default severity ranking to each plugin. Refer What do plugin severity rankings mean to know how the plugin severity rankings are categorized and assigned.