This topic explains the configuration of the Host Assurance Policies for the Cloud Workload Scanning service and the impact of these policies to detect findings. Host Assurance Policies offer a subset of controls that can be configured exclusively for Cloud Workload Scanning. After scanning the VMs, Host Assurance is responsible for the following:

  • Evaluating the scanning findings, according to Host Assurance Policies and the controls for Cloud Workload Scanning that you define and configure
  • Determining whether hosts are compliant, based on these policies
  • Creating an audit event for host assurance failure

Host Assurance Policy controls

There are a few out-of-the-box controls offered in the Host Assurance Policies for Cloud Workload Scanning. To view these controls:

  1. Navigate to Policies > Assurance Policies.
  2. Create a new Host Assurance Policy or open an existing policy. For more information, refer to Host Assurance Policies.
  3. In the Controls section, select Cloud Workload from the Enforcer Type dropdown. You can see the list of controls that are applicable to Cloud Workload Scanning.

All these controls are also applicable to Host Assurance by Enforcers. Configurations in the existing Host Assurance Policies will also be applied to the Cloud Workload Scanning service. You can configure policies as required, to apply Host Assurance on both the Cloud Workload Scanning service and protection by Enforcers. For more information on the existing Host Assurance Policies, refer to Host Assurance Overview and Host Assurance Policies.