Policies
Policies are the main way for users to configure their Spyderbat environment. They give users a way to generate tailored alerts and to tune out noise. Currently, policies fall into one of two categories: Guardian and Suppression.
Guardian Policies are designed to establish the expected behavior of the resources within their scope, be it Linux services, containers, or Kubernetes clusters.
Suppression Policies are a way of tuning out the noise of Spyderbat's built-in detections. While Spydertraces aim to reduce the number of alerts a user needs to investigate, various factors can lead to situations where suppression policies are necessary.
| Policy Type | Category | Selectors (scope) | Response Actions | Supports Rulesets |
|---|---|---|---|---|
| linux-service | Guardian Workload | Cluster, Machine, Service | makeRedFlag, makeOpsFlag, agentKillProcess, agentKillProcessGroup | No |
| container | Guardian Workload | Cluster, Machine, Namespace, Pod, Container | makeRedFlag, makeOpsFlag, agentKillProcess, agentKillProcessGroup, agentKillPod | No |
| cluster | Guardian Ruleset | Cluster | makeRedFlag, makeOpsFlag, agentKillPod | Yes |
| trace | Suppression | Cluster, Machine, Trace, User | N/A | No |
Related Pages
Response Actions - Actions that can be taken by Guardian Policies.
Selectors - Reference documentation on the various selector types.
Rulesets - Rulesets supported by some policies.