This feature requires an active Liongard integration. Set up Liongard first if you haven’t already.
Accessing Compliance Metrics
Navigate to Settings > Compliance and click the Metrics tab. This page shows all configuration audit metrics synced from your Liongard instance. If no Liongard integration is connected, you will see a prompt to set one up from the Integrations page.Browsing Metrics
The metrics page offers two views:- Per Metric
- Per Device
Groups data by metric name. Each row shows:
Click any metric row to open a detail panel showing all devices with their individual values and statuses.
| Column | Description |
|---|---|
| Metric | The configuration audit data point name |
| Inspector | The Liongard inspector type (e.g., Windows Workstation, Active Directory) |
| Devices | Number of devices evaluated for this metric |
| Status | Pass, fail, and warning counts across all devices |
| Last Evaluated | When Liongard last evaluated this metric |
Summary Strip
At the top of the metrics page, a summary strip shows:- Total passing, failing, and warning counts across all metrics
- Number of metrics linked to compliance checks
- Last synced timestamp
Creating a Compliance Check from a Metric
Find the Metric
Browse or search for the metric you want to track in compliance. Click the metric row to open the detail panel.
Click Create Compliance Check
In the detail panel, click Create Compliance Check. This button only appears for metrics not yet linked to a check. Already-linked metrics show a Linked to Compliance badge.
Configure the Check
Fill in the compliance check details:
| Field | Description |
|---|---|
| Check Title | Pre-filled with the metric name. Edit as needed. |
| Description | Pre-filled with metric and inspector details |
| Status List | Select which status list to use for pass/fail options |
| Compliance Group | Optionally assign the check to a compliance group |
| Auto-update | Enable to have the check status update automatically when Liongard syncs |
Choose Evaluation Mode
When auto-update is enabled, choose how the check status is determined:
- Use Liongard status - Directly uses the pass/fail/warning status from Liongard
- Custom rules - Define your own rules based on the metric value (see below)
Custom Rules
Custom rules let you define exactly when a metric should pass or fail based on its value. This is useful when Liongard’s native pass/fail does not match your compliance requirements, or when you need threshold-based evaluation.How Rules Work
- Rules are evaluated in order from top to bottom
- The first matching rule wins and determines the status
- If no rules match, the default result applies (configurable as pass or fail)
Available Operators
| Operator | Description | Example |
|---|---|---|
| Greater than | Numeric comparison | Value > 90 = Pass |
| Greater or equal | Numeric comparison | Value >= 100 = Fail |
| Less than | Numeric comparison | Value < 10 = Pass |
| Less or equal | Numeric comparison | Value <= 0 = Fail |
| Equals | Exact string or numeric match | Value = “Enabled” = Pass |
| Not equals | Does not match | Value != “Disabled” = Pass |
| Contains | Substring match | Value contains “error” = Fail |
| Does not contain | Substring absence | Value does not contain “warning” = Pass |
| Is empty | No value present | Empty = Fail |
| Is not empty | Any value present | Not empty = Pass |
Building Rules
Add a Rule
Click Add Rule. Each rule has three parts:
- Operator - How to compare the value (e.g., Greater than, Contains)
- Threshold - The value to compare against (not needed for Is empty/Is not empty)
- Result - Pass or Fail when the rule matches
Add More Rules
Add additional rules as needed. Rules are evaluated top to bottom, so place your most specific conditions first.
Example: Password Policy Check
To create a rule that fails when the minimum password length is below 12:- Add Rule: Less than
12= Fail - Default result: Pass
Example: Feature Status Check
To verify a security feature is enabled:- Add Rule: Equals
Enabled= Pass - Add Rule: Equals
True= Pass - Default result: Fail
How Auto-Sync Works
When a metric-linked compliance check has auto-update enabled, the background sync handles updates automatically:- Liongard syncs metrics on a recurring schedule (hourly)
- The compliance bridge evaluates each mapped metric against its rules
- Only active compliance runs are updated - completed runs are frozen as historical snapshots
- Per-device assignments are matched individually, so each device gets its own pass/fail status based on its specific metric value
The sync only updates existing compliance assignments in active runs. You still need to manually add metric-linked checks to your compliance runs (directly or through groups). The sync then keeps those assignments current.
Active vs. Completed Runs
| Run Status | Behavior |
|---|---|
| Active (not completed) | Metric values update the check status on every sync cycle |
| Completed | Frozen snapshot. The status reflects whatever the metric value was when the run was completed. |
Device-Level Assignments
When you assign a metric-linked check to a compliance run with device scope, each device that has a corresponding Liongard system gets its own assignment. The sync evaluates each device independently:- Device A may pass while Device B fails for the same metric
- Only devices with linked Liongard systems receive updates
- Company-level assignments (no device scope) use the worst status across all devices in that company
Best Practices
Start with High-Value Metrics
Focus on metrics that directly map to compliance requirements: MFA status, backup verification, encryption settings, and firewall rules.
Use Custom Rules for Thresholds
Liongard’s native pass/fail may not match your compliance thresholds. Custom rules let you set exact boundaries that align with your policies.
Group Metric Checks Together
Assign metric-linked checks to compliance groups so they can be added to runs as a batch instead of individually.
Review After Completing Runs
Before marking a run as completed, review the auto-synced statuses. Once completed, the run becomes a frozen historical record.
Related Resources
- Compliance Module - Full compliance guide with tree view, runs, and scoring
- Configure Liongard Integration - Setup and environment mapping
- Adding CIS Benchmarks - Another compliance framework integration