Many Vanta tests have an additional feature that shows in more depth how the test received data from the integrated service and the criteria being used for the test. The goal of this data is to be transparent with our customers about the data we are reading from integrated services and assist in troubleshooting why a test may or may not be passing.
This can be found by scrolling down to the Test source data table within the test:
- The API requests tab will show when Vanta made the request, the resource type we were fetching, the URL used, and the status of that request. You can click on an individual request to see more details:
The initial Request tab will show the headers used (minus any sensitive data). You can click on the "Response" tab to see a more detailed response.
- To see the data returned for individual resources, select the Fetched data tab
- Selecting an individual row will show the data received for that specific resource:
- Note that this data will include a "VantaAttributes" field. This is data added by Vanta that describes additional details about the resource that powers other vanta features (ex. Resource owner, in or out of scope, etc.)
There are additional options to view the raw JSON of the fetched data, as well as download it into a .zip file that contains the JSON:
- When troubleshooting why a test may be failing, we recommend comparing the information in the test details and test instructions to the source data. For example, in the MFA on infrastructure root accounts (AWS) test, we can see the test details report that this test is verifying that all AWS root accounts have MFA enabled:
- We can then look at the test data to confirm that this is the case: