×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC Helix Cloud Security ... Administering Managing policies

Creating a new policy

This topic describes how to create a new, custom policy to add to your policy library.

Create a policy by performing the following tasks:

Understanding policies

The policies are written as code in YAML, so they can be easily authored as well as stored and compared using common version control tools. The policy authoring sandbox makes it easy to modify one of the standards based compliance policies (for example, CIS for Docker Containers) or create a new policy from scratch. If a new technology is introduced, you can extend the base connector to retrieve and send the new data. Any data that can be captured or converted to JSON format, can be evaluated with the powerful policy engine.

Creating the custom policy

To create your new policy, you need to have a JSON resource feed file and a YAML policy file.

Tip

Prior to creating a custom policy, review the following reference topics:

To create the custom policy, complete the following steps:

  1. On the Cloud Security Dashboard, click Manage > Policies.
  2. Click Authoring Sandbox. The Authoring Sandbox is displayed.
  3. In the Resource JSON section, do one of the following:
    • Click Create New, and then create a new-resource.json file in the text area. 
    • Click Select File and select a JSON that contains resource information.
  4. In the Policy YAML section, do one of the following:
    • Click Create New, and then create a new-policy.yaml file in the text area.
    • Click Select File and select a YAML file that contains policy information.
  5. When creating the policy, note the following key expressions and operators to make sure they reflect the goal of the policy:

    • resourceSpec - Instructs the policy how to parse the list of resources (expression), how to parse each resource’s display name (nameExpression), and the type of resources (typeExpression).

    • exportedVariables- Instructs the policy which variables to show for a specific resource.

    • severity- Defines whether a rule is displayed as Low(1-4), Medium(5-6), High(7-8) or Critical(9+).

    • ruleExpression - Defines how the policy determines if a resource is compliant or non-compliant. For more information about the expressions and operators, see Authoring policies.

  6. Once you have the YAML file in place, you can validate the content using the Validate Rules and Validate for Compliance options above the Policy YAML section. To view the results of the validation process, click the Results option in the bottom left section of the screen.
  7. Click Status to ensure that both files are valid.
  8. Click Save Policy to File in the respective sections to save each of the new files and make them available to the library, as highlighted below.
     

Adding the policy to the library 

To add your new custom policy to the list of available policies, do the following:

  1. Navigate to the Manage Policies screen.
  2. Choose Import Policy > Import from disk.

  3. Specify the location where you saved your policy YAML file.
  4. On the Add Custom Policy dialog box, specify a name for the policy.

  5. Click Save.

Note: The newly added policy might not appear on the screen immediately. Refresh the screen to view it.


Was this page helpful? Yes No Submitting... Thank you
Last modified by Bob Massa on Oct 20, 2017

Comments

Log in or register to comment.

Viewing policy details
Editing policies
© Copyright 2017-2023 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2023 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.