# Guardian & Interceptor The Spyderbat Guardian Feature is designed to enhance security within your Spyderbat environment. It provides a robust framework for defining and enforcing expected behavior through Guardian Policies. These policies are crucial for maintaining the integrity of your systems and ensuring that only authorized activities are permitted. ## Guardian Policies Guardian Policies are the cornerstone of Guardian, serving as the rulebook for allowed and prohibited activity within your environment. They come in two primary forms: ### Workload Policies Workload Policies are tailored to containers and Linux services, specifying a whitelist of permitted activities. This ensures that only known, safe operations are allowed to execute, providing a first line of defense against unauthorized or malicious behavior. Read more about Workload Policies [here](/concepts/guardian/workload_policies.md). #### Key Components: * A comprehensive list allowed process and network activity. * Scope: The selectors detailing the specific containers or services to which the policy applies. * Response: The mechanism by which the policy take actions. ### Ruleset Policies Ruleset Policies offer a more flexible approach, supporting policy-agnostic rulesets that can be applied across different environments. These rulesets contain both allow and deny rules, providing a granular level of control over the behavior within your systems. Read more about Ruleset Policies [here](/concepts/guardian/ruleset_policies.md). #### Key Components: * Allow Rules: Explicitly permit certain actions, overriding any broader deny rules that may be in place. * Deny Rules: Define actions that are explicitly prohibited, regardless of other allow rules. * Reusability ### Interceptor The Interceptor feature set allows Guardian to take response actions based on policy violations. When a policy violation occurs, Interceptor Response Actions can trigger actions such as generating alerts, or blocking the offending activity. More details on response actions can be found [here](/reference/policies/response-actions.md). ## Tutorials Tutorials detailing the creation of the various policy types can be found in the `tutorials` section of this documentation. * [Guardian Tutorials](/tutorials/notifications.md) ## Conclusion The Spyderbat Guardian Feature is a powerful tool for maintaining security and compliance in containerized and Linux service environments. By effectively utilizing Guardian Policies, you can ensure that your systems operate within the defined parameters of expected behavior, safeguarding against potential threats. For more detailed information and advanced configurations, please refer to the [policy reference guide](/reference/policies.md). --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.spyderbat.com/concepts/guardian.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.