Alert Policies

Deepfactor Portal analyses telemetry received from your applications and generates alerts based on alert policies. Alert Policies are a list of configurable rules that you can use to tailor Deepfactor alerts according to your company's or your application's security policies. You can view/create alert policies by clicking on 'Alert Policies' in the left sidebar.

Alert Policy Categories

  • SCA & SBOM

    • Comprises a configurable set of rules that are evaluated while processing telemetry generated from statically scanned artifacts.

    • Primarily focuses on prioritisation of vulnerabilities which should be addressed and identification of packages with disallowed licenses.

    • A predefined uneditable policy “Built-in Policy- Standard” (default) is shipped along with the Deepfactor portal. It can be cloned to create custom policies.
    • Usage of configured policies

      • dfctl scan

        Refer to dfctl scan usage which highlights the policy arguments.
      • Kubernetes/Webhook

        Refer to webhook configuration UI which highlights the policy selection while instrumenting cluster/namespace (screenshot: webhook_policy_selection1.png).
  • Runtime Security

    • Comprises a configurable set of rules that are evaluated while processing telemetry generated from runtime instrumentation of applications.

    • Two predefined uneditable policies “Built-in Policy- Standard” (Default) and “Built-in Policy- Max Alert” are shipped along with the Deepfactor portal. They can be cloned to create custom policies.
    • Usage of configured policies

      • Containerised

        • command for the policy argument (screenshot: Policy_imagescan.png)

      • Non Containerised

        • command for the policy argument (screenshot: non_containerised_policy_scan.png)

      • Docker

        • command for the policy argument (screenshot: Docker_policy.png)

      • Kubernetes/Webhook

        • Webhook configuration UI which highlights the Alert policy selection while instrumenting cluster/namespace (screenshot: webhook_policy_selection2.png)

 

Creating custom alert policies

You can click the "Clone" button to clone an existing policy. You can then edit this policy to turn on/off some rules or change the threshold/values of some rules.

Note: Changing a policy will not affect existing alerts.

Editing alert policies

You can edit a custom alert policy (created by cloning) to enable/disable specific policies.

Note: While entering a list of values for a policy, you need to press the enter key after each value for it to be added to the list. 

 
