Views:

Use natural language to create custom compliance rules with the AI-powered generator.

Before you begin

Before you begin, ensure you have:
  • An active Cloud Risk Management account
  • At least one connected cloud account
The AI-powered custom rules generator allows you to create compliance checks by describing your requirements in natural language. The system automatically generates a validated rule configuration, eliminating the need to manually write JSON or understand complex API structures.
This feature is the fastest way to create custom rules and is ideal for users who want to define compliance requirements without technical expertise in API development.
Note
Note
This initial release supports AWS resources. Support for additional cloud providers will be added in future releases.

Procedure

  1. Open the AI-powered generator
    1. In the Cloud Risk Management console, navigate to Misconfiguration and Compliance.
    2. Go to Rule Setting ProfilesOrganisation profile rule settings.
    3. Click Generate custom rule with AI.
  2. Describe your compliance requirement
    Type a clear description of the compliance check you need in the text field. The system typically takes 15–30 seconds to generate a result.
    Example descriptions:
    • "Ensure all S3 buckets have server-side encryption enabled"
    • "Check that EC2 instances are tagged with a Cost Centre tag"
    • "Verify that IAM users are created within the last 90 days"
    Tip
    Tip
    For better results:
    • Be specific about the cloud service and the condition you want to check
    • Describe one compliance requirement per rule
    • Focus on what a compliant resource looks like (for example, "encryption should be enabled" rather than "find unencrypted resources")
    Click Generate rule to create the rule configuration.
  3. Review the generated rule
    Once generation completes, review the following information:
    • AI Explanation — A natural language description of how the rule works and why it was configured this way
    • Rule name and description — A summary of what the rule checks
    • Rule configuration (JSON) — The full technical configuration that will be saved
    • Warnings — Any notes about potential limitations or assumptions the system made
    Important
    Important
    Verify that the rule matches your intent before proceeding to save.
  4. Adjust rule settings
    Before saving, you can customize:
    • Risk level — Select from Low, Medium, High, Very High, or Extreme
    • Categories — Choose one or more compliance categories:
      • Security
      • Operational Excellence
      • Cost Optimisation
      • Reliability
      • Performance Efficiency
      • Sustainability
  5. Save the rule
    Click Save rule to add the rule to your organisation.
    The rule is saved and will run automatically during the next Cloud Risk Management scan across all relevant cloud accounts.
After saving, the custom rule will:
  • Run automatically during the next Cloud Risk Management scan
  • Produce pass (SUCCESS) or fail (FAILURE) check results
  • Appear in the Misconfiguration and Compliance dashboard alongside built-in rules
Note
Note
If no checks appear after the scan:
  • Confirm that you have the relevant resources in your connected cloud accounts (for example, an S3 encryption rule only produces results if you have S3 buckets)
  • Refresh your browser window to ensure the application loads the latest data
  • Verify that the rule configuration correctly matches your resource attributes

Next steps

You can manage your custom rules through the same interface or use the Custom Rules API for programmatic access. For API-based management, see Custom rules basic set up .

Frequently asked questions Parent topic

  1. Do I need technical knowledge to use the AI generator?
    No. Describe your compliance requirement in natural language, and the system handles the rest.
  2. Can I edit the generated rule before saving?
    Yes. You can adjust the risk level and categories in the review step. The full JSON configuration is also displayed for reference.
  3. How quickly will I see results?
    Results appear after the next Cloud Risk Management scan completes. Scan frequency depends on your account configuration.
  4. What if the generated rule doesn't match what I intended?
    Review the explanation and configuration before saving. If it doesn't look right, try rephrasing your prompt with more specific details. You can generate as many times as needed.
  5. Can I use custom rules alongside built-in rules?
    Yes. Custom rules run alongside all built-in compliance rules during every scan. Results appear together in the same dashboard.
  6. Can I build rules for providers other than AWS?
    This initial release supports AWS resources. Support for additional cloud providers will be added in future releases.
  7. What happens if the AI generator is temporarily unavailable?
    You can always create rules directly through the API. The AI Generator is a convenience layer on top of the same underlying Custom Rules framework.
  8. What if I have the right resources but still don't see any checks?
    The rule may have a mismatch in its attribute paths or conditions, preventing it from correctly matching your resources. You can adjust the rule configuration using the Custom Rules API. Use the test endpoint first to verify your changes produce the expected results before saving.
  9. Can I create a custom rule for multi resources (more than 1 resource)?
    Currently, each custom rule operates on a resource level, and produces a check per resource.