icon-dspm.svg
Posture Control (DSPM)

Viewing the Organization Onboarding Status

DSPM runs a health validation service to check if the onboarding templates are deployed successfully and roles and permissions are configured for each account. The status of the onboarded target accounts, orchestrator account, and CloudTrail is updated based on the DSPM validations.

On the Overview tab, you can view the following details:

  1. New template available for deployment (Optional): A notification banner is displayed if a new template (tree discovery, orchestrator, or monitoring scope) is available for deployment. DSPM releases new templates to introduce new capabilities for existing resources, support new resources, or update functionalities for scanning or collecting metadata. Click See Details to view the newly available templates on the Roles and Templates tab.

    If you close the notification banner, it is removed only for the current session. The message is displayed when you log in again.

  2. Account Status: The account status displays the following:

    The number of accounts configured for data scan versus the total number of accounts in the organization.

    • Successfully Configured: The number of accounts that are configured and validated successfully.
    • Needs Attention: The number of accounts that have misconfigurations or permission issues.
    • Pending Configuration: The number of accounts for which the roles and permissions are yet to be configured and validated.
    • Monitored Regions: The list of regions that are selected for monitoring and scanning.
  3. Orchestrator Details: Information about the orchestrator account in which the DSPM's orchestrator template is deployed.
    • Account Name: The account name.
    • Account ID: The account ID.
    • Custom Tags: The number of custom tags added.
    • Region: The primary region selected while onboarding.
    • Network Type: The network configuration (Zscaler or Custom) used for onboarding the organization.
    • DSPM Connection Status: The connection status (Successful or Failed) of the orchestrator instance with DSPM.
    • Configuration Status: The configuration status (Successful, Warning, Failed, or Pending Validation) indicating whether all resources are available and permissions are configured correctly in the orchestrator account.
    • Last Connected: The last time the orchestrator instance was successfully connected with DSPM.
  4. CloudTrail: The details of the organization CloudTrail provided during onboarding.
    • CloudTrail Bucket Name: The name of the S3 bucket that is associated with CloudTrail.
    • Prefix: The prefix specified in the CloudTrail bucket path.
    • Bucket Account ID: The AWS account ID where the CloudTrail S3 bucket is present.
    • Status: The status (Enabled or Failed) of the CloudTrail configuration.

Related Articles
Onboarding an AWS OrganizationViewing the Organization Onboarding StatusChanging an Orchestrator AccountManaging Monitoring Scope for AWSDownloading Roles and Templates for AWSIAM Roles and Permissions for AWS