The Cloud Workload Policies page allows users to manage policies that define security and compliance actions for cloud workloads. Users can create, edit, filter, and manage policies through a structured table and widget panel.
Note
Keep the following caveats in mind when working with Policies:
Instance Administrators are able to view all facets of policies without restrictions, even if Scope Based Access Control (SBAC) roles are in effect. Learn more about SBAC.
If you’ve been assigned a custom role with View/Edit permissions limited by SBAC, you may not be able to view certain policies.
You can further narrow your search on the Inventory page by using SBAC to limit the scope of the finding, issue, and case counts.
The Cloud Workload Policies page displays all the configured policies with the following fields.
Policy table columns
| Field | Description |
|---|---|
| Policy Type | Defines the policy category: Misconfigurations, Secrets, Malware, Trusted Images. |
| Policy Name | The user-defined name of the policy. |
| Action | Defines the action taken when conditions match: Create an Issue (logs an issue) or Prevent and Create an Issue (prevents the action and logs an issue). |
| Severity | The severity level of the issue created: Critical, High, Medium, Low, or Informational. |
| Asset Groups | Predefined groups of assets to which the policy applies. |
| Open Issues | The number of unresolved issues associated with the policy. |
| Conditions | Defines the detection rule by specifying the criteria that match relevant malware, secret, or trusted image findings. |
| Exceptions | Defines the exclusion criteria: malware, secret, or trusted image findings that meet these conditions are omitted from the policy. |
| Evaluation Stage | Indicates at which stage in the SDLC the policy is evaluated. |
| Description | Additional details about the policy. |
| Created By | The user who created the policy. |
| Last Modified | The timestamp of the last modification. |