Network Exposure rules allow you to monitor and control the network accessibility of your serverless functions, identifying configurations that might expose them to unwanted external traffic.
Under Posture Management, select → → .
Select Network Exposure.
On the Overview step of the Create Network Exposure Rule wizard, fill in these fields:
Rule Name (required): A user-provided name to identify the rule
Description (required): A description of the rule
Severity (required): Select the severity level. Only findings with this exact severity level will trigger this rule. Findings with different severity levels will be ignored
Labels (optional): Assign labels to categorize and organize the rule based on specific criteria or attributes. Labels help in easily identifying and filtering rules
Click .
Define the logic for the rule on the Rule Logic step of the wizard.
Fill in these fields:
Source Network: Select the source network to be evaluated by this rule. Options:
Untrusted (default): all internet IPs
A specific IP or CIDR range: Select Show Advanced Settings and fill in the following fields:
Protocol/Port: Specify the protocols and ports that will generate findings if exposed. For example: tcp/80, tcp/20-23, tcp/80, tcp/443
Host State: Configure the rule to alert on either active (running) or potentially exposed (stopped) workloads
Use External Probe Validation: When enabled, network scanning verifies internet exposure and provides additional context (protocols, ports, services). When disabled, the rule relies on configuration alone, which may produce more inaccurate findings
Destination Asset Type: Select Serverless Function as the asset type to be evaluated in the rule
Cloud Service Provider: Select the target cloud provider in which the rule will be evaluated (AWS, GCP, Azure)
Click .
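As an added illustration (not the product's own code), a hypothetical Python model of how the Rule Logic fields above combine when a finding is evaluated: severity must match exactly, Untrusted means any public internet address, a specific CIDR narrows the source, and the Protocol/Port list is parsed into ranges. The class and function names and the sample values are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional
# Hypothetical model of how the wizard fields combine (not the product's own
# engine): a finding triggers the rule only when every field agrees with it.
def parse_port_spec(spec):
    # "tcp/80, tcp/20-23, tcp/443" -> {("tcp", 80, 80), ("tcp", 20, 23), ...}
    triples = set()
    for item in spec.split(","):
        item = item.strip()
        if item:
            proto, ports = item.lower().split("/")
            low, _, high = ports.partition("-")
            triples.add((proto, int(low), int(high or low)))
    return triples

@dataclass
class NetworkExposureRule:
    severity: str                          # exact match only
    protocol_ports: str                    # e.g. "tcp/80, tcp/20-23"
    host_state: str = "active"             # "active" (running) or "stopped"
    source_network: Optional[str] = None   # None = Untrusted (all internet IPs)
    asset_type: str = "Serverless Function"
    cloud_provider: str = "AWS"

@dataclass
class Finding:
    severity: str
    asset_type: str
    cloud_provider: str
    host_state: str
    source_ip: str
    protocol: str
    port: int

def source_in_scope(rule, ip):
    addr = ipaddress.ip_address(ip)
    if rule.source_network is None:
        return addr.is_global   # Untrusted: any public internet address
    return addr in ipaddress.ip_network(rule.source_network, strict=False)

def rule_matches(rule, f):
    if (f.severity, f.asset_type, f.cloud_provider, f.host_state) != (
            rule.severity, rule.asset_type, rule.cloud_provider, rule.host_state):
        return False
    if not source_in_scope(rule, f.source_ip):
        return False
    return any(p == f.protocol.lower() and low <= f.port <= high
               for p, low, high in parse_port_spec(rule.protocol_ports))
```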