Updating a policy

BMC Helix Cloud Security makes new versions of a policy available within a new release to maintain compatibility with existing and newer versions of connectors mapped to the policy.

Periodic/Proactive updates

  1. For periodic updates to the policy library to include Out-of-the-box (OOTB) policies, you can re-import the policy from the policy library to reflect the update, but this can be done only by importing from disk and not from the policy library.

      image2019-8-15_2-30-56.png

Warning

If you have customized the policy, re-importing the policy will remove those customizations.

To retain any customization you have done to the policy or to the rules within the policy, import the updated policy from library with a new name. In this case, you would then need to associate the updated policy with the desired connector.

    2.  For proactive updates of OOTB policies to ensure immediate compatibility with new versions of downloaded connectors, there are three ways to perform the update:

  • From the Manage Policies page.
  • From the Policy Details page.
  • From the Add a Connector page when onboarding a connector.

Note

Updating policies does not clear your resource history.

New connector compatibility updates

Cloud Security also enables you to update a policy to a newer version if one is available when downloading a connector. This helps avoid conflicts with compatibility with newer versions of connectors with existing policies. If you have an older connector in a Tenant and try to onboard a newer version of the connector, the connector might not be compatible with the policies currently mapped to it.

There are two ways to identify that a new policy update is available:

  • When you updated a connector, the Connector Update instructions indicate which, if any, policies might be incompatible with the new version of the connector.

    policy_version_updatemsg.PNG
  • On the Manage Policies page, an information banner displays in the row of the listed policy indicating that a new version is available.

    policy_version_updateinfobanner.PNG

To update the policy to map to newer versions of a downloaded connector:

  1. On the Manage Policies page, in the row corresponding to the policy you want to update, click Update to the right of information banner.
    A notification will display validating the compatibility of the updated policy with the existing connectors. This might include a recommendation to first update the connector before updating the policy.

    policy_version_update_confirm.PNG

    Connectors that are not compatible with the updated policy are denoted by an "X" in the list.

    Note

    Proceeding with the update will disable the mappings between the policy and its non-compatible connectors.

  2. On the Policy Update Confirmation message, click Update Policy.
    A success information message appears, and the information banner indicating that an update is available no longer displays.

Alternately, click the policy and drill down to the Policy Details page, click Update Policy Now! on the information banner at the top of the page, and then click Update Policy on the Policy Update Confirmation message.

policy_version_updateinfobanner2.PNG

You can also update policies from the Add a Connector page during the connector onboarding process when you select policies for evaluation.

For more information, see Onboarding and select the topic corresponding to the connector you are onboarding to Cloud Security.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*