Azure Platform Log Policy
Event notifications are generally limited to a frequency of once every five minutes. For details, see Message Throttling in Sysdig Secure.
Create an Azure Platform Log Policy
To create an Azure Platform Log policy:
Log in to Sysdig Secure and select Policies > Threat Detection > Runtime Policies.
Click Add Policy and select Azure Platform Log.
Configure an Azure Platform Log Policy
Basic Parameters
Name: Enter a policy name.
Description: Provide a meaningful and searchable description.
Enabled/Disabled: Toggle to enable the policy so that it generates events.
Severity: Choose the appropriate severity level as you would like to see it in the Runtime Policies UI: High, Medium, Low, Info
Policy severity is subjective and is used to group policies within a Sysdig Secure instance. There is no inheritance between the underlying rule priorities and the severity you assign to the policy.
Scope: Define the scope to which the policy will apply, based on the type-dependent options listed.
Link to Runbook: (Optional) Enter the URL of a company procedure that should be followed for events resulting from this policy. For example: https://www.mycompany.com/our-runbook-link
If you enter a value here, then a View Runbook option will be displayed in any corresponding Event.
Policy Rules
Add or edit policy rules as needed. You can choose to Import from Library or to create a New Rule. To learn more about rules, see Manage Threat Detection Rules.
Actions
Determine what should be done if a Policy is violated.
Notify
Select a notification channel from the drop-down list to send notifications of events to appropriate personnel.
See also: Set Up Notification Channels.
Search for Existing Policies
To review the existing Workload policies:
Log in to Sysdig Secure and select Policies > Threat Detection > Runtime Policies.
Filter for Managed Policy and Azure Platform Log.
You can edit a managed policy, duplicate it to create a custom policy, or click + Add Policy, and choose Azure Platform Log to configure it from scratch.