Creating a Security Rule Policy

Info

Policies allow you to create alerts based on security rules and database activity. If a policy is breached, the action you've selected (if any) will be executed, such as emailing a user, or submitting to AWS Security Hub.

To create a policy based on database activity, click here.

Getting Started

  1. To start creating your security rule policy, select Policies in the left nav, then select the New Policy button.

  2. Select Security Rules from the Alert Type dropdown.

  3. Configure the rules for the policy by selecting from the following choices:

    • Source: The source the rule is based on (CIS Benchmarks, AWS Benchmarks, Custom Rules, etc.).
    • Risk Category: The category the rule is grouped into.
    • Severity: Each rule has a severity assigned (info, critical, warning).

    Hint

    To specify rules individually, select the Specific Rules option and choose the set of rules from the provided list.

  4. Select the databases that this policy should apply to. Pick either all databases, specific databases, or only databases that have specific tags applied.

    Set the policy for creating a new alert. By default, a new alert is opened each time the policy is triggered. This behavior can be changed so that a new alert is opened only if no existing alert is open or the existing alert has been open for a specified duration.

    To continue to the next step, you'll need to check off the Close Alert option. By default, alerts should be closed when a rule is no longer in violation (OK).

  5. In the delivery step, select where you want the alert to be delivered. By default, the email associated with your account is listed, but you can set multiple destinations for alerts and change the owner of the alert if necessary.

    Note

    Alert storage indicates how long the alert is retained. By default, this is set at 1 month. Alerts older than the storage time will be marked for removal from the system.

  6. Add a title, description and severity rating to your policy. The name is auto-filled based on the title you enter, but you can change it.

  7. Once you've completed all steps and are happy with the settings, click Create to create the policy.

Next Steps

If you haven't already, you can also create policies based on Database Activity.