Rule Bundles
Rule Bundle Guidelines
Default Sysdig rule bundles (indicated by the Sysdig shovel icon) cannot be deleted.
- You can duplicate these default bundles to use as templates for new rule bundles.
A single rule bundle can be assigned to multiple policies.
The order of rules within a bundle does not impact how they are evaluated. You may reorder rules for clarity or personal preference in the UI.
Multiple instances of the same rule type are allowed in a single rule bundle.
- For example, you can add several rules of the type Vulnerabilities: Severities and Threats within one bundle.
Conditions within a single rule are evaluated using AND logic.
- A vulnerability must meet all specified conditions in a rule to be considered a violation.
Rules within a rule bundle are evaluated using OR logic:
- If any rule in the bundle is violated, the entire rule bundle is considered in violation.
- If any rule bundle is in violation, the associated policy is considered failed.
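The AND/OR semantics above, modelled as an added example (not Sysdig code; the condition names, data shapes and sample scan are assumptions made for illustration). It shows why an either/or requirement needs two rules in the bundle rather than two conditions in one rule:

```python
# Illustrative model of the rule bundle evaluation semantics described above.
# Not Sysdig code: field names, rule shapes and sample data are assumptions.
from dataclasses import dataclass
from operator import attrgetter

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}

@dataclass(frozen=True)
class Vuln:
    cve: str          # constructed placeholder identifier
    severity: str
    fixable: bool
    exploitable: bool

# Conditions are predicates over a single vulnerability.
def min_severity(level):
    return lambda v: SEVERITY_RANK[v.severity] >= SEVERITY_RANK[level]

is_fixable = attrgetter("fixable")
is_exploitable = attrgetter("exploitable")

def rule_violations(conditions, vulns):
    """AND: a vulnerability violates the rule only if it meets every condition."""
    return [v for v in vulns if all(cond(v) for cond in conditions)]

def bundle_violated(rules, vulns):
    """OR: the bundle is in violation if any one of its rules is violated."""
    return any(rule_violations(conds, vulns) for conds in rules.values())

def policy_failed(bundles, vulns):
    """The policy fails if any attached rule bundle is in violation."""
    return any(bundle_violated(rules, vulns) for rules in bundles)

# Constructed scan result for one image.
SCAN = [
    Vuln("CVE-EXAMPLE-0001", "critical", fixable=False, exploitable=False),
    Vuln("CVE-EXAMPLE-0002", "medium", fixable=True, exploitable=True),
]
# One rule, two conditions: nothing in SCAN is both critical AND fixable.
STRICT_AND = {"critical-and-fixable": [min_severity("critical"), is_fixable]}
# Two rules of the same kind in one bundle: matching either one is enough.
SPLIT_OR = {"critical": [min_severity("critical")], "exploitable": [is_exploitable]}

if __name__ == "__main__":
    print("single AND rule violated:", bundle_violated(STRICT_AND, SCAN))
    print("two OR rules violated:", bundle_violated(SPLIT_OR, SCAN))
    print("policy failed:", policy_failed([STRICT_AND, SPLIT_OR], SCAN))
```

Every condition added to a rule narrows what it matches, so the unfixable critical finding in the sample scan is caught only by the bundle that splits the conditions into separate rules.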
Create a Rule Bundle
Follow these steps to create a rule bundle. All required items and options must be addressed before the bundle can be saved.
Log in to Sysdig Secure.
Navigate to Policies > Vulnerabilities | Rule Bundles.
Select Add Rule Bundle.
Fill in the required fields:
- Name: Specify a unique name to identify the rule bundle.
- Description: Enter a brief description detailing the purpose or scope of the rule bundle.
- Rules: Add one or more scanning rules to the bundle. Each rule is displayed as a “card” in the UI and can be created or configured using the visual editor.
Select Save.
The rule bundle is now defined.
Attach a Rule Bundle to a VM Policy
To attach a rule bundle to Sysdig Vulnerability Management Policies:
Log in to Sysdig Secure.
Select Policies > Vulnerabilities | Policies.
Select an existing policy or create a new policy.
The policy configuration page appears.
In the Rules section, select a rule bundle from the drop-down.
Complete the policy configuration and select Save.
Learn More
For available rules and configuration checks, see Vulnerability, Image Configuration and Image Content Rules.