Creating a security policy

Audit rule sets and protection rule sets can be set up within the same security policy, for example when you are building pre-production and production policies.

You can create as many rule sets as you need. Rules from different categories can be created in the same set, or you can create a set for each rule category. The general panel of each policy shows how rule sets are built:

Stormshield rule sets

To create your own security policy:

  1. Select the Security > Policies menu.
  2. Click on Create. A line entitled New policy appears.
  3. Double-click this line. The general panel of the new policy appears.
  4. In the upper banner, click on Edit.
  5. Enter a name and description for the policy. The description matters as it describes the various versions of the same policy.
  6. In Rule set, click on Add a shared rule set to add an existing shared rule set, or on Create a rule set to add a new rule set.
  7. If you are adding existing rule sets, select them in the order in which you want to see them appear in the policy. Their rank in the policy appears on the left next to their checkbox. For more information on the sequence of rules, refer to Organizing rules and rule sets in a policy.
  8. If you are creating a new rule set, in Create a rule set:
    1. Select the type of set: Protection or Audit.
    2. Select who can see it: Private or Shared. Private sets are used only in the current policy. Shared sets can be used in several policies.
    3. Name the rule set.
    4. Click on Create.
  9. You are now about to create the rules for your rule set. Click on the new rule set and click on Edit.
  10. Enter a description of the rule set. The description matters as it describes the various versions of the same set.
  11. Use the tabs Threats, Application, ACL resources, Networks and Devices to add security rules to your rule set. For further information on how to create rules, refer to the sections Managing vulnerability exploitation and Defining access control rules.

    NOTE
    Rules can also be copied and pasted between rule sets of the same type (audit or protection) and between policies.

  12. In the general policy panel, you can change the order of rule sets by hovering over them with the mouse to display the drag-and-drop icon on the left. The order of the rule sets is important. For more information, refer to Organizing rules and rule sets in a policy.
  13. Click on Save at the top right of the window to save changes.

For more information on versions of policies and rule sets, or if the icon is displayed on the line), see Managing versions of a policy or a rule set.

Next, assign the security policy to the agent group you want this policy to apply to, then deploy it to your environment. For more information, refer to the sections Assigning a security policy to agents and Deploying the SES Evolution environment