Editing policies

The Policy Editor displays all of the rules associated with a specific policy and enables you to perform various actions on the rules, the policy, or on the display in the policy list.

To access the latest information about this topic and all Cloud Security releases, check out the Release Notes.

To open the editor, select Manage > Policies and click the policy that you want to edit.

From the Policy Details page you can perform the following actions:

Filtering the display of the rule list

You can filter the display of the rule list in a variety of ways. You can:

  • Select or deselect all of the rules associated with the groups in the policies, using the Select All Rules/Unselect All Rules toggle item.
  • Expand or hide all of the rules associated with the groups in the policies, using the Expand Groups/Collapse Groups toggle item.
  • Filter by severity, using the Severity Type drop-down list. You can select more than one severity for display.
  • Filter by group name, using the Group Name drop-down list. You can choose to display one or more groups.
  • Filter by Action type, using the Actions drop-down list. This filters the list of rules by the remediation action setting (MANUAL, or DISABLED).
    Note that remediation actions are supported only for certain AWS policies, and must be enabled. See Remediating violations for more information.

Adding a rule to a policy

  1. Click Add a Rule.
    The Add a rule dialog is displayed.
  2. Complete the following fields:

    Field | Description
    Rule Name (required) | The name for the rule (must be at least 5 characters long)
    Description | A description for the rule
    Reference Id | A reference identification for the rule
    Rule Expression (required) | An expression statement for the rule. You can click the expander in the bottom-right of the field to expand the field by several lines. Clicking the expander multiple times toggles between expanding and reducing the size of the field.
    Severity (required) | The severity of the rule (Low, Medium, High, or Critical).
    Group Name (required) | The group to which you want to add the rule, selected from the drop-down group list. You can also enter the name for a new group.
  3. Click Save to add the rule to the policy.

Editing a rule

  1. From the list of rules, click the rule name that you want to edit.
  2. On the Rule Info tab, click Edit.
  3. Make the necessary changes in the fields. A selection in the Severity field is required.
  4. Click Save to save the changes to the rule in the policy.

You can also edit a remediation action from this page for rules to which a remediation action has been added. For more information, see To edit the remediation action.

Deleting a rule from a policy

You can delete one or more rules from a policy.

Note

Deleting a rule cannot be undone. To reinstate the rule you must re-associate the policy with the connector.

  1. Select the checkbox to the left of the rule you want to delete.
    You can select more than one rule.
  2. Click Delete Rules.
    A confirmation message is displayed.
  3. Click OK.
    A message is displayed indicating the rules have been deleted from the policy.

Viewing the rules of a policy

Click the Policy Info tab to view the rules for the selected policy in YML format.

Sample CIS Level 1 - Docker Containers Policy:

    author: BMC Software
    name: CIS Level 1 - Docker Containers Policy
    description: CIS Level 1 policy for validating Docker containers
    dateOfCreation: 'Thu 01 12:47:49 PST 2016'
    selectionHint: level1-containers
    originSpec:
      expression: $.Host
      nameExpression: $.Name
    resourceSpec:
      expression: '$.Containers[*]'
      nameExpression: $.ContainerName
      typeExpression: DockerContainers
    groups:
    - description: ''
      id: 1
      name: CIS policy for Docker Host
      rules:
      - description: 5.1 Do not disable AppArmor Profile.
        id: 1
        name: Do not disable AppArmor Profile
        refNumber: null
        ruleExpression: |-
          ??appProfile?? assign "$resource.AppArmorProfile" AND
          ??appProfile?? != ""
      - description: '5.2 Verify SELinux security options, if applicable.'
        id: 2
        name: 'Verify SELinux security options, if applicable'
        refNumber: null
        ruleExpression: |-
          ??securityOpt?? assign "$resource.SecurityOpt" AND
          ??securityOpt?? != null AND
          ??securityOpt?? != "" AND
          ??securityOpt?? != "[]"
      - description: 5.4 Do not use privileged containers.
        id: 3
        name: Do not use privileged containers
        refNumber: null
        ruleExpression: |-
          ??privilege?? assign "$resource.Privileged" AND
          ??privilege?? != null AND
          ??privilege?? != "" AND
          ??privilege?? = "false"
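The following is an added example, not code from BMC or from the product, that shows what the Rule Expression field and the sample policy above amount to when evaluated: it takes the three ruleExpression strings from the sample, selects resources with the resourceSpec expression, and reports which constructed containers violate which rules. The page does not define the expression language, so the semantics of assign, AND, = and != used here (assign binds a variable to a field of the resource; null matches a missing value; comparisons are against string literals) are assumptions, as is the shape of the host document.

```python
"""Added example: run the sample policy's ruleExpression strings against constructed
container records. The expression semantics (assign, AND, =, !=, null) are assumed."""
import re

# Constructed host document. Its shape is assumed from the sample policy's originSpec
# ($.Host, $.Name) and resourceSpec ($.Containers[*], $.ContainerName); not real output.
SAMPLE_HOST = {
    "Host": "docker-host-01",
    "Name": "docker-host-01",
    "Containers": [
        {"ContainerName": "web", "AppArmorProfile": "docker-default",
         "SecurityOpt": "[label=type:svirt_apache_t]", "Privileged": "false"},
        {"ContainerName": "debug", "AppArmorProfile": "",
         "SecurityOpt": "[]", "Privileged": "true"},
        {"ContainerName": "batch", "AppArmorProfile": "docker-default",
         "SecurityOpt": None, "Privileged": False},
    ],
}

# The resourceSpec and the three rules of the sample policy, as given on the page.
POLICY = {
    "resourceSpec": {"expression": "$.Containers[*]", "nameExpression": "$.ContainerName"},
    "rules": [
        {"name": "Do not disable AppArmor Profile",
         "ruleExpression": '??appProfile?? assign "$resource.AppArmorProfile" AND\n'
                           '??appProfile?? != ""'},
        {"name": "Verify SELinux security options, if applicable",
         "ruleExpression": '??securityOpt?? assign "$resource.SecurityOpt" AND\n'
                           '??securityOpt?? != null AND\n??securityOpt?? != "" AND\n'
                           '??securityOpt?? != "[]"'},
        {"name": "Do not use privileged containers",
         "ruleExpression": '??privilege?? assign "$resource.Privileged" AND\n'
                           '??privilege?? != null AND\n??privilege?? != "" AND\n'
                           '??privilege?? = "false"'},
    ],
}

# One clause: ??var?? assign "<path>"  |  ??var?? != <literal>  |  ??var?? = <literal>
CLAUSE_RE = re.compile(r'^\?\?(\w+)\?\?\s+(assign|!=|=)\s+(".*?"|null)$')


def _literal(token):
    """null -> None; a quoted token -> its contents (assumed semantics)."""
    return None if token == "null" else token[1:-1]


def _lookup(resource, path):
    """Resolve "$resource.Field"; booleans become "true"/"false" so the sample's
    = "false" test also works on boolean inspect data (an assumption of this example)."""
    prefix = "$resource."
    if not path.startswith(prefix):
        raise ValueError(f"unsupported path: {path!r}")
    value = resource
    for part in path[len(prefix):].split("."):
        value = value.get(part) if isinstance(value, dict) else None
    if isinstance(value, bool):
        return "true" if value else "false"
    return value


def evaluate_rule(expression, resource):
    """True when the resource satisfies every clause, False when it violates the rule."""
    variables = {}
    for raw in re.split(r"\s+AND\s+", expression.strip()):
        match = CLAUSE_RE.match(raw.strip())
        if not match:
            raise ValueError(f"unsupported clause: {raw!r}")
        name, op, operand = match.groups()
        if op == "assign":
            variables[name] = _lookup(resource, _literal(operand))
            continue
        if name not in variables:
            raise ValueError(f"variable {name} compared before assign")
        equal = variables[name] == _literal(operand)
        if equal != (op == "="):  # "=" requires equality, "!=" requires inequality
            return False
    return True


def select_resources(document, expression):
    """Minimal resolver for the resourceSpec shape in the sample ('$.Containers[*]')."""
    items = [document]
    for part in expression[2:].split("."):  # drop the leading "$."
        if part.endswith("[*]"):
            items = [child for item in items for child in item.get(part[:-3], [])]
        else:
            items = [item.get(part) for item in items if isinstance(item, dict)]
    return items


def audit(document, policy):
    """Map each resource name to the names of the rules it violates."""
    spec = policy["resourceSpec"]
    findings = {}
    for resource in select_resources(document, spec["expression"]):
        name = resource[spec["nameExpression"][2:]]
        findings[name] = [rule["name"] for rule in policy["rules"]
                          if not evaluate_rule(rule["ruleExpression"], resource)]
    return findings


if __name__ == "__main__":
    for container, violated in audit(SAMPLE_HOST, POLICY).items():
        print(f"{container}: {', '.join(violated) or 'compliant'}")
```

Running the block reports the constructed "web" container as compliant, "debug" as violating all three rules, and "batch" as violating only the SELinux rule, because its missing SecurityOpt fails the `!= null` clause. The point of the null and empty-string clauses in the sample is visible here: a rule that only tested `= "false"` would not distinguish a misconfigured container from one whose data was never collected.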

Associating a remediation action with a policy rule

Note

For some policies, you can associate a remediation action with a rule. This capability enables you to quickly fix compliance issues associated with a specific rule. Remediation actions are available and supported for the AWS policies detailed in System requirements.

  1. Select Manage > Policies.
  2. From the list of displayed policies that have been imported, click a policy to view the rules that apply to that policy.

    The policy details are displayed, showing all the rules assigned to the selected policy, the severity, and the number of configured actions that are available.
  3. Select a rule to enable the Actions menu for that rule.

    Note

    Actions for the rules of a policy are disabled by default when the content is onboarded.
  4. Remediation can be enabled or disabled under Actions on the Policy Details page.

    • To enable remediation, click Actions and then choose one of the following two types of remediation:
      1. Auto Remediation: The remediation action runs automatically when the selected rule has been violated.
      2. On-Demand Remediation: The remediation action runs at the user's discretion when the selected rule has been violated.
    • To disable remediation, click Actions and then choose the Disable Remediation option from the cascading menu.

    A message is displayed indicating that the policy action mapping has been successfully enabled.

    Note

    The connector must be running for the remediation action to be successful.

Specifying a schedule for the connector to run

  1. Click the Execution Schedule tab.
  2. Select a connector, and click Assign Connector to assign it to the selected policy.
    A message is displayed indicating that the policy action mapping has been successfully enabled.

Performing next steps

To update an existing policy so that it reflects changes made to the policy in the library, you must re-import the policy from the library.
For more information about that process, see Updating a policy.
