Alert Policies

Deepfactor Portal analyzes telemetry received from your applications and generates alerts based on alert policies. Alert Policies are a list of configurable rules that you can use to tailor Deepfactor alerts according to your company's or your application's security policies. You can view/create alert policies by clicking on 'Alert Policies' in the left sidebar

Creating custom alert policies

You can click the "Clone" button to clone an existing policy. You can then edit this policy to turn on/off some rules or change the threshold/values of some rules.

Note: Changing a policy will not affect existing alerts.

Editing alert policies

You can edit a custom alert policy (created by cloning) to enable/disable specific policies.

Note: While entering a list of values for a policy, you need to press the enter key after each value for it to be added to the list. 

Assigning alert policies to your application

To assign a custom policy to an application component you can pass the name of the policy using the -p option in dfctl command or by setting the alertPolicy option in the K8s webhook override.yaml. If the policy is not specified, the default policy will be used to generate alerts for that component instance.