Alert Policies

Deepfactor Portal analyses telemetry received from your applications and generates alerts based on alert policies. Alert Policies are a list of configurable rules that you can use to tailor Deepfactor alerts according to your company’s or your application’s security policies. You can view/create alert policies by clicking on ‘Alert Policies’ in the left sidebar.

Alert policy categories #

Deepfactor provides different alert policies for static scanning of your artifacts and runtime security of your running applications.

SCA & SBOM #

    • It is comprised of a configurable set of rules to be evaluated while processing telemetry generated from statically scanned artifacts.
    • Primarily focuses on prioritisation of vulnerabilities which should be addressed and identification of packages with disallowed licenses.
    • A predefined uneditable policy “Built-in Policy- Standard” (default) is shipped along with the Deepfactor portal. It can be cloned to create custom policies.

The following section describes how you can specify the policy while scanning your artifacts with Deepfactor

dfctl scan

Refer to dfctl scan usage which highlights the policy arguments.

Kubernetes/Webhook

Refer to webhook configuration UI which highlights the policy selection while instrumenting cluser/namespace

 

Runtime Security #

  • It is comprised of a configurable set of rules to be evaluated while processing telemetry generated from runtime instrumentation of applications.
  • Two predefined uneditable policies “Built-in Policy- Standard” (Default) and “Built-in Policy- Max Alert” are shipped along with the Deepfactor portal. It can be cloned to create custom policies.

The following section describes how you can specify the policy while running your artifacts with Deepfactor

Containerised

You can pass the name of the policy using the -p option

Non Containerised

You can pass the name of the policy using the -p option

Docker

You can pass the name of the policy using the -p option

Kubernetes/Webhook

You can select the policy from the webhook configuration UI under Kubernetes clusters

 

Creating/editing custom alert policies #

You can click the “Clone” button to clone an existing policy. You can then edit this policy to turn on/off some rules or change the threshold/values of some rules. You can edit a custom alert policy (created by cloning) to enable/disable specific policies.

Note:

  1. While entering a list of values for a policy, you need to press the enter key after each value for it to be added to the list.
  2. Editing an alert policy will not affect existing alerts.
Was this article helpful?

Powered by BetterDocs

Deepfactor Icon

Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing.

Product Pricing Resources Company Documentation Login Request a Quote Demo

SUBSCRIBE TO OUR NEWSLETTER!

Sign Up

© 2023 Deepfactor, Inc. All Rights Reserved.

Privacy Policy | Terms of Service | Open Source Disclosure