Automation Anywhere

AA A360 Hardening

Cross-platform hardening floor for A360 bots.

Roadmap pack. Today this pack applies Flowcerta's cross-platform rules to Automation Anywhere exports. Platform-native detectors are in development and will flow into this pack automatically when they ship.
10 rules · 3 env profiles · default mode: blocking · blocks at: high+

Why this pack

Automation Anywhere A360 expects bots to draw credentials from the Credential Vault, log to Bot Insight, and surface every step's exception state. Flowcerta's catalog does not yet contain A360-native detectors, so this pack applies our cross-platform credential, PII, and resilience rules to A360 bot exports. The slate of A360-specific detectors will land in a follow-up release and flow into this pack automatically.

Aligned with: AA A360 Credential Vault · AA A360 Bot Insight

Environment profiles

The pack ships with severity thresholds tuned per environment so the same workflow gets stricter as it promotes toward production.

development
advisory · blocks at critical+

Surface findings during build without blocking the bot save.

uat
blocking · blocks at high+

UAT promotion gate. Highs and above block.

production
blocking · blocks at medium+

Strictest gate. Mediums and above block production deploys.

Rules included (10)

2 critical · 8 high

  • critical · FC-ANY-CRED-001 · Hardcoded connection string

    A360 expects all credentials through the Credential Vault — never literal in MetaBot variables.

  • critical · FC-ANY-CRED-002 · Hardcoded API key or credential variable

    API keys belong in Credential Vault locker entries, not in Variable Manager defaults.

  • high · FC-ANY-EXC-001 · Swallowed exception

    A360 try/catch with empty Catch body kills the Bot Insight signal — failures are invisible.

  • high · FC-ANY-HTTP-001 · Missing try/catch around external call

    REST Web Service actions need explicit error handling or transient outages cascade.

  • high · FC-ANY-LOG-001 · Missing log message

    Bot Insight only knows what you Log to File. Missing logs = blind audit.

  • high · FC-ANY-PII-001 · PII access without audit log

    Bot Insight is the audit trail. Reading PII without a log event leaves a gap auditors notice.

  • high · FC-ANY-PII-002 · PII value in log message

    Bot Insight retains log entries — PII written there is PII you now have to manage in Bot Insight.

  • high · FC-ANY-PII-003 · PII hardcoded default

    Test PII left in a Variable Manager default ships with the bot to production.

  • high · FC-ANY-RETRY-001 · Infinite retry without limit

    Loop without exit-condition on a flaky action holds a runner queue slot forever.

  • high · FC-ANY-RETRY-002 · Missing retry scope

    A360 actions touching external systems should have an Error Handler + Retry pattern, not a raw call.

Download the AA A360 Hardening JSON

Drop the file into Settings → Policy Packs → Import JSON inside your Flowcerta org.