When an audit is completed, Audit Manager creates and stores the following types of artifacts in the destination storage buckets for you to view:
Before you begin
Ensure that you have the following IAM roles:
-
One of the following Audit Manager roles for the resource:
- Audit Manager Admin
(
roles/auditmanager.admin) - Audit Manager Auditor
(
roles/auditmanager.auditor)
- Audit Manager Admin
(
-
One of the following Cloud Storage roles for the storage bucket that contains Audit Manager reports:
- Storage Admin
(
roles/storage.admin) - Storage Legacy Bucket Owner
(
roles/storage.legacyBucketOwner) - Storage Legacy Object Reader
(
roles/storage.legacyObjectReader)
- Storage Admin
(
View Audit Manager reports
-
In the Google Cloud console, go to the Audit Managerpage.
-
In the Compliance auditssection, click View audits.
-
On the View assessmentspage, you can view the status of an in-progress audit or a completed audit.
-
Depending on the type of audit information you want to view, follow the instructions in the corresponding tab.
Audit summary report
- To view the audit summary, click the link in the Status
column.
The Basic information page displays the information about compliance controls in scope and the status of the automated compliance:
- Compliant: Shows the configurations that meet all the requirements.
- Violations: Shows the misconfigurations that are detected against a given control.
- Manual review needed: Shows the configurations that need user inputs to prove compliance and process control.
- Skipped: Shows the configurations that Audit Manager skipped for a given control.
- To see the details of a status, click View .
- To export the audit summary report, click Export . The audit summary report is exported in the ODS format.
Control overview report
- To view the audit summary, click the link in the Status
column.
The Basic information page displays the information about compliance controls in scope and the status of the automated compliance.
- Compliant: Shows the configurations that meet all the requirements.
- Violations: Shows the misconfigurations that are detected against a given control.
- Manual review needed: Shows the configurations that need user inputs to prove compliance and process control.
- Skipped: Shows the configurations that Audit Manager skipped for a given control.
- You can view the control overview report based on a control or
status.
- To view the control overview report based on a control, do the following:
- Expand the required control.
- To view the detailed compliance assessment against each rule, click the corresponding hyperlink. The controls page shows the responsibility, findings, and requirements.
- To view the control report based on a status, do the following:
- For the required status, click View .
- From the list of controls, click the required hyperlink. The controls page shows the responsibility, findings, and requirements.
- To view the control overview report based on a control, do the following:
- To export the control overview report, click Export . The control overview report is exported in the ODS format.
Evidence
- To view the audit summary, click the link in the Status
column.
The Basic information page displays the information about compliance controls in scope and the status of the automated compliance.
- Compliant: Shows the configurations that meet all the requirements.
- Violations: Shows the misconfigurations that are detected against a given control.
- Manual review needed: Shows the configurations that need user inputs to prove compliance and process control.
- Skipped: Shows the configurations that Audit Manager skipped for a given control.
- You can view the control overview report based on a control or
status.
- To view the control overview report based on a control, do the following:
- Expand the required control.
- To view the detailed compliance assessment against each rule, click the corresponding hyperlink. The controls page shows the responsibility, findings, and requirements.
- To view the control report based on a status, do the following:
- For the required status, click View .
- From the list of controls, click the required hyperlink. The controls page shows the responsibility, findings, and requirements.
- To view the control overview report based on a control, do the following:
- To view the evidence for a finding, click the corresponding hyperlink. The Object details page with the evidence details opens in a separate tab.
- To download the evidence, click Download . The evidence is downloaded in the JSON format.
- To view the audit summary, click the link in the Status
column.
Alternatively, you can download the required report and evidence directly from the destination storage bucket. For the detailed instructions, see Download an object from a bucket .
Audit summary report
An audit summary report is a comprehensive report that provides a high-level overview of all compliance controls and a responsibilities matrix to help you understand the system.
In the destination storage bucket, the audit summary report uses the following naming convention:
audit-reports/audit_ CONTROL_PACKAGE_NAME
_ TIMESTAMP
/ UNIQUE_ID
/overall_report.ods
The placeholder values are described as follows:
- CONTROL_PACKAGE_NAME
: The name of the control package, such
as
SOC2 2017. - TIMESTAMP : A timestamp when the report was generated.
- UNIQUE_ID : A unique ID for the report.
For each applicable control type, the following fields are populated in the audit summary report:
- Non-Compliant : Compliance drift detected
- Compliant : System is compliant
- Manual Review Needed : Artifacts are produced but user input is required to conclude on status of compliance
- Skipped : Manual control, automation not present
Control overview report
A control overview report contains a detailed description of the compliance evaluation for a single control. It provides assessment details for each compliance check with observations and expected values.
In the destination storage bucket, the control overview report uses the following naming convention:
audit-reports/audit_ CONTROL_PACKAGE_NAME
_ TIMESTAMP
/ UNIQUE_ID
/ CONTROL_ID
.ods
The placeholder values are described as follows:
- CONTROL_PACKAGE_NAME
: The name of the control package, such as
CIS_CONTROLS_V8. - TIMESTAMP : A timestamp when the report was generated.
- UNIQUE_ID : A unique ID for the report.
- CONTROL_ID : The ID for the control.
A control overview report looks similar to the following example:
Evidence
Evidence includes all the resources evaluated for each control, including a raw dump of asset data along with the command that was run to produce the output.
In the destination storage bucket, evidence uses the following naming convention:
audit-reports/audit_ CONTROL_PACKAGE_NAME
_ TIMESTAMP
/ UNIQUE_ID
/evidences/evidence EVIDENCE_ID
.json
The placeholder values are described as follows:
- CONTROL_PACKAGE_NAME
: The name of the control package, such as
CIS_CONTROLS_V8. - TIMESTAMP : A timestamp when the report was generated.
- UNIQUE_ID : A unique ID for the report.
- EVIDENCE_ID : A unique ID for the evidence.
