
View and apply Recommended Policies

AccuKnox provides a number of out-of-the-box recommended policies based on popular workloads or for the host. These policies are recommended to you only after your workloads and hosts have been analyzed.

These policies cover known CVEs and attack vectors, compliance frameworks (such as MITRE, PCI-DSS, STIG, etc.) and much more.

Select Policy Manager -> Recommended Policies. This section helps protect your workloads by recommending security policies for them.

Available DSL Filters

  • Cluster

  • Namespace

  • Workload

  • Policy Type

  • Status

Cluster

This filter lists the onboarded clusters. To onboard a cluster, open Workspace Manager in the sidebar; it has 4 subsections. Click the 3rd subsection, Onboard Cluster (Workspace Manager → Onboard Cluster). Currently only Google Cloud Platform (GCP) is supported; other cloud platforms will be supported in the future.

Namespace

This filter lists the namespaces of an onboarded cluster. Use it to see the namespaces in the cluster and to apply a recommended policy to a specific namespace.

Workload

A workload is an application running on Kubernetes. The workload filter narrows the list to specific onboarded workloads. It is a checklist of the workloads in the system.

Policy Type

It is a drop-down box. The 4 options are listed below:

  • Select All: Selects all host and network policies. With Select All, you can apply a policy by either workload or Pod.

  • Network-Ingress: Network policies are created in the Cilium CNI. Network-Ingress policies control incoming connections to the Pod or workload.

  • Network-Egress: Network policies are created in the Cilium CNI. Network-Egress policies control outgoing connections.

  • System-Policy: System policies are created in KubeArmor and help audit process, file, and network activity.

Status

This is a checklist with the following options: Select All, Recommended, Ignored, Applied.

  • Select All: Shows both Recommended and Ignored policies.

  • Recommended Policy: Shows only the recommended policies related to your workload.

  • Ignored Policy: Shows only the policies you ignored that relate to your workload.

  • Applied Policy: Shows only the applied policies related to your workload.

The DSL filters above can be used in any combination. All of them can be applied at the same time to find out whether the recommended policies for a Pod or workload have been applied.

Below the DSL filter button, you can also filter by properties. These can likewise be combined to find a specific Pod or workload.

Properties:

  • Policy Group

  • Policy

  • Entity

  • Cluster

The properties above are key-value pairs. The key is Policy Group, Policy, Entity, or Cluster, and the values are those of your onboarded cluster.

  1. On the Recommended Policies list page, you can see all the recommended policies based on your workloads and hosts.

  2. Select one or more policies, then click Apply.

  3. On the Apply page, the selector labels associated with your workloads are preselected. Review the labels and change them if needed. Selector labels decide where the selected policies are applied.

  4. After applying, select Policy Manager -> Pending Approval -> Approve.
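
The selector-label review in step 3 can be rehearsed offline before approving. The following is an added example, not AccuKnox code: it evaluates Kubernetes-style `matchLabels` selectors against a constructed workload inventory and reports how editing the labels changes where a policy would apply. The policy dictionaries, workload names, namespaces and labels are assumptions made up for illustration.

```python
# Added example: preview which workloads a policy's selector labels cover.
# All names, namespaces and labels below are constructed sample data.

def selected_workloads(policy, workloads):
    """Names of workloads selected by the policy.

    A workload is selected only if it is in the policy's namespace and its
    labels contain every key/value pair listed under matchLabels.
    """
    namespace = policy["metadata"]["namespace"]
    selector = policy["spec"]["selector"]["matchLabels"]
    if not selector:
        # Choice made by this example: force the reviewer to pick labels.
        raise ValueError("empty selector: choose labels before applying")
    return sorted(
        w["name"] for w in workloads
        if w["namespace"] == namespace
        and all(w["labels"].get(k) == v for k, v in selector.items())
    )

def scope_change(before, after, workloads):
    """Workloads gained or lost when the selector labels are edited."""
    old = set(selected_workloads(before, workloads))
    new = set(selected_workloads(after, workloads))
    return {"added": sorted(new - old), "removed": sorted(old - new)}

def make_policy(namespace, labels):
    # Minimal manifest-shaped dict; only the fields the check needs.
    return {"metadata": {"namespace": namespace},
            "spec": {"selector": {"matchLabels": labels}}}

WORKLOADS = [
    {"name": "checkout-api", "namespace": "shop",
     "labels": {"app": "checkout", "tier": "backend"}},
    {"name": "checkout-worker", "namespace": "shop",
     "labels": {"app": "checkout", "tier": "backend"}},
    {"name": "checkout-ui", "namespace": "shop",
     "labels": {"app": "checkout", "tier": "frontend"}},
    {"name": "orders-api", "namespace": "shop",
     "labels": {"app": "orders", "tier": "backend"}},
    {"name": "checkout-api-staging", "namespace": "staging",
     "labels": {"app": "checkout", "tier": "backend"}},
]

PRESELECTED = make_policy("shop", {"app": "checkout", "tier": "backend"})
EDITED = make_policy("shop", {"tier": "backend"})  # one label removed

if __name__ == "__main__":
    print("preselected:", selected_workloads(PRESELECTED, WORKLOADS))
    print("after edit: ", scope_change(PRESELECTED, EDITED, WORKLOADS))
```

Removing a label from the selector widens the policy to every workload that still matches the remaining labels, which is the change to look for before approving in step 4.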
