Once you have connected a remediator to your cloud account and configured a remediation policy that allows Automated remediations, supported Events that are received via AWS CloudTrail or CloudWatch Events will trigger remediations automatically. You can find any remediation that occurred in your account from the Remediation Reports page.
From here, you can click View Report next to any remediation to see details of what occurred. For event-driven (automated) remediations, you will see a timeline containing the following:
- Which real-time event Aqua CSPM received from the cloud provider that matched the criteria for triggering a remediation
- A detailed "mini scan" was run against the detected resource. For example, if a new S3 bucket is created, this would trigger a CSPM scan for just the newly-created bucket.
- Which Remediation Policy gave Aqua CSPM permission to perform the remediation.
- The remediation execution output and result.
You can also click the Event tab to see the original event Aqua CSPM received from CloudTrail that triggered the remediation.