arrow-left Back to Announcements
DATE:
AUTHOR:
The folks at Scrut
New Feature

4 new automated evidence types added in Scrut Monitor

DATE:
AUTHOR: The folks at Scrut

What's new?

We’ve added four new automated evidence types to Scrut Monitor, enabling you to collect audit-ready proof from:

  1. AWS CloudWatch Alarms (capacity & availability monitoring)

  2. Scrut Access Review Reports (user access reviews)

  3. GCP Firewall Rules (network traffic restrictions)

  4. Azure NSG Rules (firewall rule reviews)

Why it matters

These new evidence types target common audit requirements that typically require repetitive manual data pulls to share with auditors. This ensures your evidence is consistent, reliable, and up-to-date, helping you stay audit-ready without operational overhead.

How it works

The four new evidence types in Scrut Monitor include:

#1: AWS – CloudWatch Alarms

  • What it does: Automatically fetches a list of CloudWatch alarms (Metric or Composite).

  • Why it matters: Provides proof of capacity and availability monitoring by showing configured alarms across accounts and regions.

  • Evidence format: CSV export with alarm metadata (e.g., AlarmName, MetricName, Threshold, EvaluationPeriods, Actions).

  • Use case: Automates evidence for capacity monitoring reports and management review of monitoring controls.

#2: Scrut App – Reports of Completed Access Reviews (User Access Review Evidence)

  • What it does: Pulls all completed access review reports from the Scrut Access Review module.

  • Why it matters: Automates user access review evidence, a recurring audit requirement.

  • Collection logic:

    • First run → fetches all completed reports from the past 365 days.

    • Ongoing runs → only new reports since last run, avoiding duplicates.

  • Use case: Provides a complete audit trail of periodic access reviews without manual downloads.

#3: GCP – Firewall Rules (Network Traffic Restrictions for Databases)

  • What it does: Lists all firewall rules across selected GCP projects.

  • Why it matters: Helps prove network traffic restrictions for databases and other critical resources.

  • Evidence format: CSV with details like project, network, rule name, direction, action (allow/deny), priority, source/destination ranges, ports, and targets.

  • Use case: Automates firewall rule review evidence for auditors.

#4: Azure – Network Security Group (NSG) Rules (Firewall Rule Review)

  • What it does: Collects firewall/NSG rules across Azure subscriptions.

  • Why it matters: Demonstrates firewall rule configuration and review for audit purposes.

  • Evidence format: CSV with details such as subscription, resource group, NSG name, rule name, direction, access (allow/deny), priority, protocols, and source/destination addresses/ports.

  • Use case: Automates firewall review evidence for compliance checks.

Need help?

Your Customer Success Manager (CSM) is always ready to help if you need assistance. Explore all recent product updates → View now.

Powered by LaunchNotes