Deepfactor Portal analyses telemetry received from your applications and generates alerts based on alert policies. Alert Policies are a list of configurable rules that you can use to tailor Deepfactor alerts according to your company’s or your application’s security policies. You can view/create alert policies by clicking on ‘Alert Policies’ in the left sidebar.
Alert policy categories
Deepfactor provides different alert policies for static scanning of your artifacts and runtime security of your running applications.
SCA & SBOM
- It is comprised of a configurable set of rules to be evaluated while processing telemetry generated from statically scanned artifacts.
- Primarily focuses on prioritisation of vulnerabilities which should be addressed and identification of packages with disallowed licenses.
- A predefined uneditable policy “Built-in Policy- Standard” (default) is shipped along with the Deepfactor portal. It can be cloned to create custom policies.
The following section describes how you can specify the policy while scanning your artifacts with Deepfactor.
dfctl scan
Refer to dfctl scan usage which highlights the policy arguments.
Kubernetes/Webhook
Refer to webhook configuration UI which highlights the policy selection while instrumenting cluster/namespace.
Runtime Security
- It is comprised of a configurable set of rules to be evaluated while processing telemetry generated from runtime instrumentation of applications.
- Two predefined uneditable policies “Built-in Policy- Standard” (Default) and “Built-in Policy- Max Alert” are shipped along with the Deepfactor portal. They can be cloned to create custom policies.
The following section describes how you can specify the policy while running your artifacts with Deepfactor.
Containerised
You can pass the name of the policy using the -p option.
Non Containerised
You can pass the name of the policy using the -p option.
Docker
You can pass the name of the policy using the -p option.
Kubernetes/Webhook
You can select the policy from the webhook configuration UI under Kubernetes clusters.
Creating/editing custom alert policies
You can click the “Clone” button to clone an existing policy. You can then edit this policy to turn on/off some rules or change the threshold/values of some rules. You can edit a custom alert policy (created by cloning) to enable/disable specific policies.
Note:
- While entering a list of values for a policy, you need to press the enter key after each value for it to be added to the list.
- Editing an alert policy will not affect existing alerts.