OpsCompass Drift Overview

Unexpected changes to your cloud resources may create security or compliance risk. OpsCompass detects changes in your cloud configuration so that you can take appropriate action.

Monitoring your cloud configuration for unexpected changes is an important part of successful cloud management. Unplanned changes to your cloud configuration may expose your systems to security or compliance risk, and may cause unexpected cost increases.

Rather than mining endless log files searching for evidence of possible misconfiguration, OpsCompass includes a Drift monitoring feature that can detect and alert you to changes in configuration. 

Drift Module Overview

OpsCompass periodically scans your cloud resources to evaluate their configurations. For some resources, OpsCompass also detects change events when they occur. These changes, or drifts, are visible in the Drift module of OpsCompass.

Drift Alerts in OpsCompass indicate a change. Each entry in the drift results page shows one individual change to one individual resource. Drift concerns identify the nature of the drift. For example, a drift alert with the "Networking" label indicates a change to networking configuration has been detected. 

Clicking a drift alert in OpsCompass brings you to a screen that shows detailed information about the drift. At the top of the page, the name, the resource type, the time of discovery and status information are shown.

For Drift Alerts with a known cause, the attribution is displayed. In this case, a person has been identified as the cause of the change. In many cases, changes may be caused by templates, or even the cloud providers themselves.

For each drift concern that has been triggered, the user is offered an opportunity to explain the reason for the drift, and to acknowledge the change so that it is not offered in future Drift Alerts. By explaining and acknowledging drift over time, operations teams can track changes to their configuration day by day, resource by resource. This enables precise control over environment configuration.

A JSON-based view of the change is displayed. By default the JSON view is collapsed to display only the properties that have been changed. When it is necessary to view a change in context of the entire resource, the JSON description can be expanded to show the configuration of the whole resource. 

The green area indicates the property that has been changed. The red bars indicate the specific lines of JSON that have been changed. 
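The collapsed view described above can be reproduced offline when comparing two exported resource configurations. The following is an added example, not OpsCompass code: it diffs two constructed JSON snapshots of a hypothetical network security group and returns only the changed properties, keyed by path. The function names and sample data are assumptions made for illustration.

```python
import json

# Constructed sample data: two scans of the same hypothetical resource.
BEFORE = json.loads("""{
  "name": "web-nsg", "type": "NetworkSecurityGroup",
  "tags": {"env": "prod"},
  "rules": [{"name": "allow-https", "port": 443, "source": "10.0.0.0/8"}]
}""")
AFTER = json.loads("""{
  "name": "web-nsg", "type": "NetworkSecurityGroup",
  "tags": {"env": "prod", "owner": "ops"},
  "rules": [{"name": "allow-https", "port": 443, "source": "0.0.0.0/0"}]
}""")

_MISSING = object()  # distinguishes "property absent" from an explicit null


def _entry(old, new):
    """Describe one changed property as added, removed or modified."""
    if old is _MISSING:
        return {"change": "added", "new": new}
    if new is _MISSING:
        return {"change": "removed", "old": old}
    return {"change": "modified", "old": old, "new": new}


def diff_config(old, new, path=""):
    """Return {path: entry} for every property that differs between two scans."""
    changes = {}
    if isinstance(old, dict) and isinstance(new, dict):
        for key in sorted(set(old) | set(new)):
            changes.update(diff_config(old.get(key, _MISSING),
                                       new.get(key, _MISSING), f"{path}/{key}"))
    elif isinstance(old, list) and isinstance(new, list):
        # Lists are compared by position, so a reordered list reports changes.
        for i in range(max(len(old), len(new))):
            o = old[i] if i < len(old) else _MISSING
            n = new[i] if i < len(new) else _MISSING
            changes.update(diff_config(o, n, f"{path}/{i}"))
    elif old != new:
        changes[path] = _entry(old, new)
    return changes


if __name__ == "__main__":
    # Collapsed view: only the changed properties, not the whole resource.
    print(json.dumps(diff_config(BEFORE, AFTER), indent=2))
```

In the sample, the changed source range on the inbound rule is the property a reviewer would want surfaced; the unchanged name, type and port stay out of the collapsed output.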

Drift History

As long as a resource is connected to OpsCompass, it will be scanned, and individual drifts will be stored and viewable later. For resources with multiple drifts, users can navigate through Previous/Next views from the Drift Alert Details page. The Inventory Resource Page also shows the change history of a specific resource. Both of these views can help in troubleshooting or forensic-style investigations.

Drift Concerns

OpsCompass differentiates between many kinds of drift. By default, OpsCompass enables many kinds of drift concerns including Cost, Data, Compliance, Networking, Security, Identity & Access Management and others. To review drift concerns for your user profile, select the "Drift Concerns" option from the profile dropdown menu in the top right corner.

Opening the Drift Concerns page reveals which drift concerns are enabled. Users with Drift Owner role responsibilities can enable or disable specific drift concerns for the Drift Alerts view, and can create or edit drift concerns.

Enabled Drift Concerns result in Drift Alerts in the Notification Bar, the Drift Module, and other areas like Slack Notifications. To enable specific drift concerns for specific users, use the Teams feature in the profile menu to group drift concerns by team, and to assign specific users to specific teams. 

Filtering Drift Alert Views

Many cloud-native workflows include thousands of individual cloud resources. The detailed nature of Drift Alerts can be overwhelming in dynamic environments. To improve this experience, OpsCompass offers several options to filter Drift Alerts to a manageable view.

Scope

Scoping the view in OpsCompass helps trim the accounts in view. In many cases this is an easy way to filter to a specific environment or workload. The scope feature is a global view filter, and is located in the navigation bar. Changes to Scope affect all product modules as you navigate between tools.

In this case, only the production environment is needed. To select a single account or cloud provider, double-click the account. Alternatively, you can select each account or provider with a single click to provide a view of drift alerts from multiple accounts. 

  • Cloud Provider - select or de-select a cloud provider to toggle all accounts of that provider. Selecting AWS, for example, will toggle all AWS accounts.
  • Cloud Accounts - select or de-select a specific cloud account/subscription/project to toggle that specific account. Selecting accounts affects the Cloud Provider group above. For example, if you de-select AWS in the Cloud Provider area and then select an AWS account from the Cloud As

The option "Make Default" will ensure that future OpsCompass sessions filter to this specific scope for each module.

Page Filter

OpsCompass includes a fine-grained filter for Drift Alerts to narrow the focus of the drift view. In each OpsCompass module, the page filter is specific to the functionality in question. 

For Drift Alerts, OpsCompass offers the following page filter options:

  • Dates - by default, OpsCompass filters Drift Alerts to the previous 14 days. 
  • Accounts - filters the Drift Alerts view to specific accounts/subscriptions/projects.
  • Concerns - filters the Drift Alerts view to the selected drift concerns.
  • Resource types - filters the Drift Alerts view to the selected resource types, such as NetworkSecurityGroup, Virtual Machine, IAM Role or others.
  • User Attribution - filters the Drift Alerts view to alerts that were caused by users.
  • Change Types - filters Drift Alerts to view changes, or permits the inclusion of Security Recommendations from the native cloud providers.
  • Status - filters the Drift Alerts view to open and acknowledged drifts. By default, only open drift alerts are displayed.

Choosing "Apply" enables the filter for this session. Choosing "Save Filter" allows you to name the filter and recall it in future sessions.