Policies
Policies are the main way users configure their Spyderbat environment: they generate tailored alerts and tune out noise. Policies currently fall into one of two categories, Guardian and Suppression.
Guardian Policies establish the expected behavior of the resources within their scope, whether Linux services, containers, or Kubernetes clusters.
Suppression Policies tune out noise from Spyderbat's built-in detections. Spydertraces already aim to reduce the number of alerts a user must investigate, but various factors can still produce situations where suppression policies are necessary.
| Policy Type | Category | Supported Selectors | Supported Response Actions | Supports Rulesets |
|---|---|---|---|---|
| linux-service | Guardian (Workload) | Cluster, Machine, Service | makeRedFlag, makeOpsFlag, agentKillProcess, agentKillProcessGroup | No |
| container | Guardian (Workload) | Cluster, Machine, Namespace, Pod, Container | makeRedFlag, makeOpsFlag, agentKillProcess, agentKillProcessGroup, agentKillPod | No |
| cluster | Guardian (Ruleset) | Cluster | makeRedFlag, makeOpsFlag, agentKillPod | Yes |
| trace | Suppression | Cluster, Machine, Trace, User | N/A | No |
Related Pages
- Response Actions - Actions that can be taken by Guardian Policies.
- Selectors - Reference documentation on the various selector types.
- Rulesets - Rulesets supported by some policies.