Policies
Key Features
Sysdig Secure Policies provide the following benefits:
- Visibility and understanding - The policies offer visibility into the security and integrity of cloud environments. They help you understand the behavior of your systems and identify potential threats.
- Actionable information - Sysdig Secure policies generate events based on real-time data, providing actionable information. You can leverage these events to take prompt and informed actions to mitigate risks.
- Built-in policies - Sysdig Secure provides a range of built-in policies that offer immediate value. These pre-configured policies are designed to address common security and integrity concerns in cloud environments.
- Customization - You can fine-tune the behavior of built-in policies to align them with your specific requirements. You have the flexibility to change default configurations, enable or disable policies, and create new ones tailored to your environment.
Uses
You can use Sysdig Secure Policies to:
- Evaluate built-in policies and identify areas that need customization.
- Modify policy configurations to align with your organizational needs.
- Enable or disable policies based on their relevance and impact on your environment.
- Create brand new policies that address specific security concerns unique to your environment.
You can optionally use the following tools to automate policy creation:
- Runtime Threat Detection Policy Tuning for reducing noisy false positives in the events feed
- Network Security Policy Tool to author and fine-tune Kubernetes network policies
Threat Detection Policies
Sysdig Secure manages Runtime Threat Detection through policies. These policies consist of rules to detect and respond to suspicious activity in your environments. This page outlines the concepts needed to use Threat Detection Policies.
Vulnerability Policies
Vulnerability policies are designed to identify and address pipeline, runtime, and host vulnerabilities and other image risks out of the box, accompanied by relevant rule bundles.
Posture Policies
Sysdig Posture Policies allow you to configure what Compliance evaluates, in the context of compliance standards, such as Center for Internet Security (CIS) and the National Institute of Standards and Technology (NIST). This page provides the conceptual background needed to create, edit, and apply compliance policies in your own environment.
Install Falco Rules On-Premises (Legacy)
Periodically, Sysdig releases new Falco Rules that provide additional coverage for new behaviors and add exceptions for known good behaviors. The rules installer is included by default in on-prem installations 6.x and up. If you are using an earlier version, you can install Falco Rules as a container in on-prem deployments.