Creating a security policy
Audit rule sets and protection rule sets can be set up within the same security policy, for example when you are building pre-production and production policies.
You can create as many rule sets as you need. Rules from different categories can be created in the same set, or you can create a set for each rule category. The general panel of each policy shows how rule sets are built.
To create your own security policy:
- Select the Security > Policies menu.
- Click on Create. A line entitled New policy appears.
- Click on this line. The general panel of the new policy appears.
- In the upper banner, click on Edit.
- Enter a name and description for the policy. The description matters as it describes the various versions of the same policy.
- In Rule set, click on Add a shared rule set to add an existing shared rule set, or on Create a rule set to add a new rule set.
- If you are adding existing rule sets, select them in the order in which you want to see them appear in the policy. Their rank in the policy appears on the left next to their checkbox. For more information on the sequence of rules, refer to Organizing rules and rule sets in a policy.
- If you are creating a new rule set, in Create a rule set:
  - Select the type of set: Protection or Audit.
  - Select who can see it: Private or Shared. Private sets are used only in the current policy. Shared sets can be used in several policies.
  - Name the rule set.
  - Click on Create.
- You are now about to create the rules for your rule set. Click on the new rule set and click on Edit.
- Enter a description of the rule set. The description matters as it describes the various versions of the same set.
- Use the tabs Threats, Application, ACL resources, Networks and Devices to add security rules to your rule set. For further information on how to create rules, refer to the sections Managing vulnerability exploitation and Defining access control rules.
Rules can also be copied and pasted between rule sets of the same type (audit or protection) and between policies.
- You can change the order of the rule sets in the general panel of the policy by scrolling over the rule sets to show the arrows on the left. The sequence of rule sets matters. For more information, refer to Organizing rules and rule sets in a policy.
- Click on Save at the top right of the window to save changes.
For further information on versions of policies and rule sets, or if the icon appears next to the icon for rules regarding threats (), refer to the section Managing versions of a policy or a rule set.
Next, assign the security policy to the agent group you want this policy to apply to, then deploy it in your environment. For more information, refer to the sections Assigning a security policy to agents and Deploying the SES Evolution environment.