Runtime custom rules

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Runtime custom rules

L1 Bithead

Hi team,

 

Does any one know if you can create custom rule policy by app?, I tried by process name and parent process but I still see alerts despite I created and add ignored action. so I want to know if I could apply this ignored action to every process comes from one app.

AnR
1 REPLY 1

L4 Transporter

Good Day AnaisRomero,

 

I hope that this note finds you well. In your use case I think that scoping the runtime rule with either an encompassed custom rule defined or process definition to a collection that correlates to the app should be what you need. Collections are the primary scoping utility within the console and when you define the collection that the application is in you can then create the runtime rule with the scope correlated to this collection. You will probably need to check the sequence that the runtime rules are defined in executing so that the new rule is listed before any rule that would potentially execute with a larger scope. As a general guidance, in setting up runtime rules or any other console defined rules, you will be best to have the rules with a narrower scope higher up on the list than rules with a larger scope. Hopefully this helps. Please let me know if you need any additional information.

 

Kind Regards,

J. Avery King

J. Avery King | Prisma Cloud | Customer Success Engineer
  • 1607 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!