Alert Policies

Table of Contents

Deepfactor Portal analyses telemetry received from your applications and generates alerts based on alert policies. Alert Policies are a list of configurable rules that you can use to tailor Deepfactor alerts according to your company’s or your application’s security policies. You can view/create alert policies by clicking on ‘Alert Policies’ in the left sidebar.

Alert policy Categories

  • SCA & SBOM
    • It is comprised of a configurable set of rules to be evaluated while processing telemetry generated from statically scanned artifacts.
    • Primarily focuses on prioritisation of vulnerabilities which should be addressed and identification of packages with disallowed licenses.
      Alert_Policy_tab1.png
    • A predefined uneditable policy “Built-in Policy- Standard” (default) is shipped along with the Deepfactor portal. It can be cloned to create custom policies.
    • Usage of configured policies
      • dfctl scanRefer to dfctl scan usage which highlights the policy arguments.
      • Kubernetes/WebhookRefer to webhook configuration UI which highlights the policy selection while instrumenting cluser/namespace
  • Runtime Security
    • It is comprised of a configurable set of rules to be evaluated while processing telemetry generated from runtime instrumentation of applications.
    • Two predefined uneditable policies “Built-in Policy- Standard” (Default) and “Built-in Policy- Max Alert” are shipped along with the Deepfactor portal. It can be cloned to create custom policies.
    • Usage of configured policies
      • Containerised
        • command for the policy argument
      • Non Containerised
        • command for the policy argument
      • Docker
        • command for the policy argument
      • Kubernetes/Webhook
        • Webhook configuration UI which highlights the Alert policy selection while instrumenting cluser/namespace

 

Creating custom alert policies #

You can click the “Clone” button to clone an existing policy. You can then edit this policy to turn on/off some rules or change the threshold/values of some rules.

Note: Changing a policy will not affect existing alerts.

 

Editing alert policies #

You can edit a custom alert policy (created by cloning) to enable/disable specific policies.

Note: While entering a list of values for a policy, you need to press the enter key after each value for it to be added to the list.

Was this article helpful?

Powered by BetterDocs

Deepfactor Icon

Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing.

Product Pricing Resources Company Documentation Login Demo

SUBSCRIBE TO OUR NEWSLETTER!

© 2023 Deepfactor, Inc. All Rights Reserved.

Privacy Policy | Terms of Service | Open Source Disclosure