Remediation
Fix security findings with automated remediation, guided manual steps, and enterprise safeguards. Axura helps you remediate faster while maintaining safety.
Remediation Options
Axura provides multiple remediation approaches depending on your comfort level and organizational requirements:
Guided Manual Remediation
Step-by-step instructions with screenshots. You execute the fix in your own console.
One-Click Remediation
Pre-approved scripts that Axura executes on your behalf. Requires appropriate IAM permissions.
Auto-Remediation
Automatic fixes triggered when specific findings are detected. Fully configurable.
Jira Integration
Create remediation tickets in Jira for your engineering team to handle.
Enterprise Safeguards
Axura includes enterprise-grade safeguards to prevent accidental damage:
| Safeguard | Description | Use Case |
|---|---|---|
| Kill Switch | Emergency stop for all automated remediations | Incident response, unexpected behavior |
| Circuit Breaker | Auto-stops if too many failures occur | Prevent cascading failures |
| Change Windows | Only allow remediation during defined hours | Business hours only, no weekends |
| Four-Eyes Approval | Require approval from second person | High-risk changes in production |
| Rate Limiting | Limit number of remediations per hour | Prevent runaway automation |
⚠️ Production Safety
All automated remediations are logged and reversible. We recommend starting with guided manual remediation and gradually enabling automation as you build confidence.
Remediation Plans
For each finding, Axura generates a remediation plan:
{
"finding_id": "finding_abc123",
"title": "S3 Bucket Public Access Enabled",
"severity": "high",
"plan": {
"type": "one-click",
"estimated_time": "30 seconds",
"risk_level": "low",
"rollback_available": true,
"steps": [
{
"order": 1,
"action": "put-public-access-block",
"resource": "arn:aws:s3:::my-bucket",
"description": "Enable Block Public Access"
}
],
"verification": {
"method": "rescan",
"timeout": "5 minutes"
}
},
"approval_required": false,
"change_window_check": true
}Auto-Remediation Rules
Configure rules for automatic remediation of common issues:
rule:
name: "Block Public S3 Buckets"
trigger:
finding_type: "S3_PUBLIC_ACCESS"
severity: ["critical", "high"]
conditions:
- bucket_name_not_contains: "public"
- bucket_name_not_contains: "static"
action:
type: "remediate"
method: "put-public-access-block"
safeguards:
require_approval: false
change_window: "business_hours"
rate_limit: "10 per hour"
notifications:
slack: "#security-alerts"
email: "security@company.com"Approval Workflow
For high-risk remediations, enable approval workflows:
1. User requests remediation ↓ 2. System checks if approval required ↓ 3. If yes → Create approval request ↓ 4. Approver receives notification (Slack/Email) ↓ 5. Approver reviews and approves/rejects ↓ 6. If approved → Execute remediation ↓ 7. Log result and notify requester
Remediation Scripts
Axura provides ready-to-use scripts in multiple formats:
- AWS CLI - Direct AWS CLI commands
- Terraform - Infrastructure as Code changes
- CloudFormation - AWS native templates
- Pulumi - Code-based infrastructure
- Console Steps - GUI instructions with screenshots
Rollback Capability
For supported remediation types, Axura can automatically generate rollback scripts:
# Original state captured before remediation
# Rollback script generated automatically
# To rollback the S3 public access block:
aws s3api delete-public-access-block \
--bucket my-bucket
# Note: Use with caution. This will restore public access.💡 Audit Trail
Every remediation action is logged with the user who initiated it, approval chain, timestamp, and result. This audit trail is immutable and available for compliance audits.