Creating a Security Rule Policy
Policies allow you to create alerts based on security rules and database activity. If a policy is breached, the action you've selected (if any) will be executed, such as emailing a user, or submitting to AWS Security Hub.
To create a policy based on database activity click here.
To start creating your security rule policy, select Policies in the left nav. Select the New Policy button to start.
Select Security Rules from the Alert Type dropdown.
Configure the rules for the policy by selecting from the following choices:
- Source: The source the rule is based on (CIS Benchmarks, AWS Benchmarks, Custom Rules, etc.).
- Risk Category: The category the rule is grouped into.
- Severity: Each rule has a severity assigned (info, critical, warning).
To specify rules individually, select the Specific Rules option and choose the set of rules from the provided list.
Select the databases this policy should apply to. Pick either all databases, specific databases, or only databases that have specific tags applied.
Set the policy for creating a new alert. By default, each time the policy is triggered a new alert is opened. This behavior can be modified to open a new alert only if an existing alert is not open or has been open for a specified duration.
In order to continue onto the next step you'll need to check off the Close Alert option. By default alerts should be closed when a rule is no longer in violation (
For the delivery step you're able to select where you want the alert to be delivered. By default the email associated with your account is listed but you can set multiple destinations for alerts and change the owner of the alert if necessary.
Alert storage indicates how long the alert is retained. By default, this is set at 1 month. Alerts older than the storage time will be marked for removal from the system.
Add a title, description and severity rating to your policy. The name is auto-filled based on the title you enter but you can change it.
Once you've completed all steps and are happy with the settings, you can click Create to create the policy.
If you haven't already you can also create policies based on Database Activity.