Guardian & Interceptor

Last updated 12 months ago

Was this helpful?

Guardian & Interceptor

The Spyderbat Guardian Feature is designed to enhance security within your Spyderbat environment. It provides a robust framework for defining and enforcing expected behavior through Guardian Policies. These policies are crucial for maintaining the integrity of your systems and ensuring that only authorized activities are permitted.

Guardian Policies

Guardian Policies are the cornerstone of Guardian, serving as the rulebook for allowed and prohibited activity within your environment. They come in two primary forms:

Workload Policies

Workload Policies are tailored to containers and Linux services, specifying a whitelist of permitted activities. This ensures that only known, safe operations are allowed to execute, providing a first line of defense against unauthorized or malicious behavior.

Key Components:

A comprehensive list allowed process and network activity.
Scope: The selectors detailing the specific containers or services to which the policy applies.
Response: The mechanism by which the policy take actions.

Ruleset Policies

Ruleset Policies offer a more flexible approach, supporting policy-agnostic rulesets that can be applied across different environments. These rulesets contain both allow and deny rules, providing a granular level of control over the behavior within your systems.

Key Components:

Allow Rules: Explicitly permit certain actions, overriding any broader deny rules that may be in place.
Deny Rules: Define actions that are explicitly prohibited, regardless of other allow rules.
Reusability

Interceptor

The Interceptor feature set allows Guardian to take response actions based on policy violations. When a policy violation occurs, Interceptor Response Actions can trigger actions such as generating alerts, or blocking the offending activity.

Tutorials

Tutorials detailing the creation of the various policy types can be found in the tutorials section of this documentation.

Conclusion

The Spyderbat Guardian Feature is a powerful tool for maintaining security and compliance in containerized and Linux service environments. By effectively utilizing Guardian Policies, you can ensure that your systems operate within the defined parameters of expected behavior, safeguarding against potential threats.

Last updated 12 months ago

Was this helpful?

Guardian Policies

Guardian Policies are the cornerstone of Guardian, serving as the rulebook for allowed and prohibited activity within your environment. They come in two primary forms:

Workload Policies

Key Components:

A comprehensive list allowed process and network activity.
Scope: The selectors detailing the specific containers or services to which the policy applies.
Response: The mechanism by which the policy take actions.

Ruleset Policies

Key Components:

Allow Rules: Explicitly permit certain actions, overriding any broader deny rules that may be in place.
Deny Rules: Define actions that are explicitly prohibited, regardless of other allow rules.
Reusability

Interceptor

More details on response actions can be found .

Tutorials

Tutorials detailing the creation of the various policy types can be found in the tutorials section of this documentation.

Conclusion

For more detailed information and advanced configurations, please refer to the .