Posture Policies

In addition:

• Search for the policies that match your organizations’ needs
• Create your own custom policies, configure controls that are linked to each requirement
• Review the policy structure and the controls connected to it
• Enable/disable controls on all policies
• Filter controls by enablement status, violation severity, name, and control type

Prerequisites

This feature requires the current Compliance component.

See also:

• Installation notes
• Path from Detection to Remediation

Because we add new policies regularly, check in the product itself to see the comprehensive list of included postures policies.

Navigate Policies List

1. Select Policies > Posture | Policies.

2. Review the Policy list. The included policies are listed alphabetically.

   

   • Policy Name/Description: The full policy name and description, in accordance with naming used by, e.g., the Center for Internet Security (CIS). Click the arrow to link directly to the relevant standards website.

   • Zones: Zones where this policy has been applied. Apply a policy to a zone to show compliance results against the policy in the compliance page.

   • Version: This column lists the version of the standard published. Not to be confused with the version, e.g., of Kubernetes, listed in the policy name.

     

   • Date Published: Date the policy was published. Until officially published, a policy under development is in Draft state.

   • Author: Sysdig for default policies; creator name for custom policies

3. Click a row to open the individual policy page.

Create a Custom Policy

1. Select New Policy on the top right, or

   Select an existing policy to duplicate

2. Add/edit the Name and Description and click Save.

   

3. Edit the requirement groups and the requirements of your policy.

   

4. To edit the controls to each leaf requirement: Select the Link Controls button, filter for the controls you want in the right-most Not Linked column, and select Link on them.

   Changes are automatically saved.

Navigate a Policy Page

Select a policy from the Policies list to review requirements and controls, enable/disable controls, and filter/search.

• Requirement Groups and Requirements: Open the rows in the left pane to view requirement groups and the nested requirements to which the controls are linked.

  Hover to get the full description text.

• Enable/Disable: Toggle to enable/disable an individual control within a policy. The control will be enabled/disabled for ONLY the targeted policy.

• Filter: See below.

Filter

• Use the Select drop-down to narrow the view into a requirement group or requirement.

  

• Use the Filter features to perform actions such as:

  • Find a requirement group, requirement, or control by Name

  • Find all Enabled controls within a policy

  • Find controls in a policy by Control Type (Host/Identity/Resource)

  • Filter by control Severity

Filter Details

Note that any filters can be combined. For example, you could filter to find:

How many high-severity disabled controls are linked to the policies I care about?

Enabled/Disabled

• Click in the Filter box and select Enabled = [True | False]

• Optional: Add more filters, such as Severity = High.

Name

• Click in the Filter box and select Name =

• Type a keyword and select from the drop-down options.

Severity

• Click in the Filter box and select Severity in [High | Medium | Low].

Type

• Click in the Filter box and select Type in [Host | Identity | Resource]

  Posture Control Types:

  • Host: Linux, Docker, Kubernetes Cluster
  • Resource: Kubernetes / Cloud Resource (i.e. bucket, compute, AWS resource…)
  • Identity: Kubernetes / Cloud Identity (e.g.,. IAM)