Policies - 1.0 - Cortex XPANSE - Cortex - Security Operations

Cortex Xpanse Assess User Guide

Product
Cortex XPANSE
Version
1.0
Creation date
2022-08-25
Last date published
2022-12-01
Category
User Guide

An issue policy is a definition managed by Cortex Xpanse that is used to identify risks in an attack surface. A policy is the definition of what Xpanse is looking for and the associated risk. Xpanse creates an issue when it detects an instance of that policy. For example, Insecure Apache Web Server could be a policy that looks for any instances of Apache with a detected version earlier than 2.30.1, so if Xpanse sees any services that are running an earlier version, Xpanse would create a new issue.

The Policies tab in the Cortex Xpanse application displays a list of all the available issue policies along with key information about each policy, such as a description, whether the policy is on or off, the priority, etc.. On the Policies tab you can customize issue policies to align with your organization’s specific needs and priorities.

Note

You must have Admin privileges to change policy settings.

  • Turn the Policy On or Off—Many Policies are turned on by default, but some are designed to be opt-in.

  • Change the default Priority—All Policies have an Cortex Xpanse-defined default Priority setting of Low, Medium, or High. Critical is never a Cortex Xpanse-defined default. You may request changes to these settings, including making Critical the default Priority setting.

  • Set the default Assignee for all new Issues under a given Policy—Any Issue triggered by a Policy can have automatic assignment to a Cortex Xpanse user. For more information about assigning Issues, see Issue Data Structure.

  • Identify New Policies—New policies are added frequently. Sort the list of policies by the Created On column to see the most recently added policies. You can determine if new policies have been released since your last assessment by comparing the Created On dates for the policies with the date of your last assessment.

    Note

    Policies that were introduced after your last assessment will not be applied to your data. To apply policies that were released after your last assessment, you must Run a New Assessment.