Skip to content

[RHACS] Updated steps for MITRE ATT&CK #36201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mikemckiernan merged 1 commit into from
Oct 6, 2021
Merged

[RHACS] Updated steps for MITRE ATT&CK #36201

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
13 changes: 11 additions & 2 deletions modules/create-policy-from-system-policies-view.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ You can create new security policies from the system policies view.
. On the RHACS portal, navigate to *Platform Configuration* -> *System policies*.
. Click *+ New Policy* below the filter box on the top right side.
. Turn off the *Enable Policy* toggle if you want to create a policy but enable it later.
. Fill in the following details about your policy in the *Policy Details* section:
. Enter the following details about your policy in the *Policy Summary* section:
** Enter a *Name* for the policy.
** Select a *Severity* level for this policy, either `Critical`, `High`, `Medium`, or `Low`.
** Choose *Lifecycle Stages* to which your policy is applicable, from *Build*, *Deploy*, or *Runtime*.
Expand Down Expand Up @@ -43,12 +43,21 @@ However, you cannot use regular expressions for selecting deployments.
The *Excluded Images* setting only applies when you check images in a continuous integration system with the *Build* lifecycle stage.
It will not have any effect if you use this policy to check running deployments in the *Deploy* lifecycle stage or runtime activities in the *Runtime* lifecycle stage.
====
. Optional: Under the *MITRE ATT&CK* section, select the *Tactics* and the *Techniques* you want to specify for the policy.
.. Click *Add tactic*, and then select a tactic from the dropdown list.
.. Click the *Add* icon to add techniques for the selected tactic. You can specify multiple techniques for a tactic.
+
[NOTE]
====
Specifying MITRE ATT&CK tactics and techniques is only available if you are using {product-title} 3.65 or later.
====
. Select *Next* on the panel header.
. In the *Policy Criteria* section, configure the attributes that you you want to trigger the policy for.
//See the <<policy-criteria,Policy criteria>> section for more details.
+
[NOTE]
====
If you are using {product-title} version 3.0.45 or newer, select *Next* to view the *Policy Criteria* section.
If you are using {product-title} 3.0.45 or newer, select *Next* to view the *Policy Criteria* section.
====
. Select *Next* on the panel header.
. The new policy panel shows a preview of the violations that get triggered if you enable the policy.
Expand Down