Alauda Security Service

Creating Custom Policies in Alauda Security Service

Alauda Security Service allows you to create custom security policies in addition to using the default ones. In the current UI, the main entry point is Platform Configuration > Policy Management > Create policy.

TOC

Ways to Start a Custom PolicyPolicy Definition FlowDetailsLifecycleRulesPolicy BehaviorScopeActionsReview and SaveEditing Existing Policies

Ways to Start a Custom Policy

  • Go to Platform Configuration > Policy Management and click Create policy
  • Go to Risk, apply filters, and click Create policy

Policy Definition Flow

When you click Create policy, the product opens a multi-step flow under Policy definition. The current steps are:

  • Details
  • Lifecycle
  • Rules
  • Policy behavior
  • Scope
  • Actions
  • Review

Details

In the Details step, define the core metadata for the policy:

  • Name
  • Severity
  • Categories
  • Description
  • Rationale
  • Guidance
  • MITRE ATT&CK

Lifecycle

In the Lifecycle step:

  • Select one or more lifecycle stages: Build, Deploy, or Runtime
  • For Runtime, select the event source appropriate for the policy, such as deployment activity or audit-log-based activity

Rules

In the Rules step:

  • Add the criteria that determine when the policy should trigger
  • Build rules from the fields available for the selected lifecycle stage
  • Combine criteria using logical operators as needed

Policy Behavior

In the Policy behavior step:

  • Set whether the policy is active
  • Choose whether it should only inform or inform and enforce

Enforcement depends on lifecycle stage:

  • Build: Fails CI checks when the image violates policy
  • Deploy: Blocks or edits noncompliant deployments when admission enforcement is enabled
  • Runtime: Enforces response when matching runtime activity occurs

Scope

In the Scope step:

  • Limit where the policy applies
  • Add cluster, namespace, deployment, or label-based restrictions as needed
  • Use scope rules to keep a policy targeted to the workloads or environments it is meant to protect

Actions

In the Actions step:

  • Attach notifiers when you want violations to be sent to configured integrations
  • Review any response actions supported by the selected lifecycle and policy behavior settings

Review and Save

  • Review the full policy definition in the Review step
  • Click Save to create the policy

Editing Existing Policies

  • Go to Platform Configuration > Policy Management
  • Select the policy and open its available actions
  • Default policies cannot be edited directly; clone them first if you want to customize their logic