Deepfactor Portal analyses telemetry received from your applications and generates alerts based on alert policies. An alert policy is a list of configurable rules that you can use to tailor Deepfactor alerts to your company’s or your application’s security policies. You can view or create alert policies by clicking ‘Alert Policies’ in the left sidebar.
Alert policy categories
- SCA & SBOM
  - It comprises a configurable set of rules that are evaluated while processing telemetry generated from statically scanned artifacts.
  - It primarily focuses on prioritisation of vulnerabilities which should be addressed and identification of packages with disallowed licenses.
  - A predefined uneditable policy “Built-in Policy- Standard” (default) is shipped along with the Deepfactor portal. It can be cloned to create custom policies.
  - Usage of configured policies
    - dfctl scan: Refer to dfctl scan usage, which highlights the policy arguments.
    - Kubernetes/Webhook: Refer to the webhook configuration UI, which highlights the policy selection while instrumenting a cluster/namespace.
- Runtime Security
  - It comprises a configurable set of rules that are evaluated while processing telemetry generated from runtime instrumentation of applications.
  - Two predefined uneditable policies “Built-in Policy- Standard” (Default) and “Built-in Policy- Max Alert” are shipped along with the Deepfactor portal. They can be cloned to create custom policies.
  - Usage of configured policies
    - Containerised
      - command for the policy argument
    - Non Containerised
      - command for the policy argument
    - Docker
      - command for the policy argument
    - Kubernetes/Webhook
      - Webhook configuration UI which highlights the Alert policy selection while instrumenting a cluster/namespace
Creating custom alert policies
You can click the “Clone” button to clone an existing policy. You can then edit this policy to turn on/off some rules or change the threshold/values of some rules.
Note: Changing a policy will not affect existing alerts.
Editing alert policies
You can edit a custom alert policy (created by cloning) to enable/disable specific policies.
Note: While entering a list of values for a policy, you need to press the enter key after each value for it to be added to the list.