Rule Bundles
Rule Bundle Guidelines
Default Sysdig rule bundles (indicated by the Sysdig shovel icon) cannot be deleted.
- You can duplicate these default bundles to use as templates for new rule bundles.
A single rule bundle can be assigned to multiple policies.
The order of rules within a bundle does not impact how they are evaluated. You may reorder rules for clarity or personal preference in the UI.
Multiple instances of the same rule type are allowed in a single rule bundle.
- For example, you can add several rules of the type Vulnerabilities: Severities and Threats within one bundle.
Conditions within a single rule are evaluated using AND logic.
- A vulnerability must meet all specified conditions in a rule to be considered a violation.
Rules within a rule bundle are evaluated using OR logic:
- If any rule in the bundle is violated, the entire rule bundle is considered in violation.
- If any rule bundle is in violation, the associated policy is considered failed.
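The evaluation logic above, modeled as an added example (not Sysdig code or a Sysdig API; the condition names and vulnerability fields are assumptions). It shows why the same two conditions give different outcomes when placed in one rule and when split across two rules.

```python
# Added illustration: a model of the AND/OR semantics described above.
# Not Sysdig code; condition names and vulnerability fields are assumptions.
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

# Each condition is a predicate over one vulnerability record (hypothetical fields).
def severity_at_least(level):
    return lambda v: SEVERITY_RANK[v["severity"]] >= SEVERITY_RANK[level]

def fix_available():
    return lambda v: v["fix_available"]

def rule_violations(rule, vulns):
    """AND: a vulnerability violates a rule only if it meets every condition."""
    return [v["id"] for v in vulns if all(cond(v) for cond in rule)]

def bundle_violated(bundle, vulns):
    """OR: one violated rule puts the whole bundle in violation."""
    return any(rule_violations(rule, vulns) for rule in bundle)

def policy_failed(bundles, vulns):
    """Any bundle in violation fails the policy."""
    return any(bundle_violated(b, vulns) for b in bundles)

# Constructed scan result (placeholder ids, not real CVEs).
SCAN = [
    {"id": "VULN-A", "severity": "critical", "fix_available": False},
    {"id": "VULN-B", "severity": "low", "fix_available": True},
]

# One rule, two conditions: "high or worse AND fixable".
ONE_RULE = [[severity_at_least("high"), fix_available()]]
# Two rules, one condition each: "high or worse" OR "fixable".
TWO_RULES = [[severity_at_least("high")], [fix_available()]]

if __name__ == "__main__":
    print("one rule :", policy_failed([ONE_RULE], SCAN))
    print("two rules:", policy_failed([TWO_RULES], SCAN))
```

Splitting conditions across rules makes the bundle stricter: no single vulnerability in the sample is both high severity and fixable, so the one-rule bundle passes while the two-rule bundle fails.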
Create a Rule Bundle
To create a rule bundle, follow these steps. All required items and options must be addressed before you can save the bundle.
Log in to Sysdig Secure.
Navigate to Policies > Vulnerabilities | Rule Bundles.
Select Add Rule Bundle.
Fill in the required fields:
- Name: Specify a unique name to identify the rule bundle.
- Description: Enter a brief description detailing the purpose or scope of the rule bundle.
- Rules: Add one or more scanning rules to the bundle. Each rule is displayed as a “card” in the UI and can be created or configured using the visual editor.
Select Save.
The rule bundle is now defined.
Attach a Rule Bundle to a VM Policy
To attach a rule bundle to Sysdig Vulnerability Management Policies:
Log in to Sysdig Secure.
Select Policies > Vulnerabilities | Policies.
Select an existing policy or create a new policy.
The policy configuration page appears.
In the Rules section, select a rule bundle from the drop-down.
Complete the policy configuration and select Save.
Learn More
For available rules and configuration checks, see Vulnerability, Image Configuration and Image Content Rules.