Policies allow you to define desired configuration state. By using Policy Builder, a user can create a policy that monitors all the files retrieved from defined directories.

Use Case for Wildcard Policies

The use case for the Policy Builder that we are addressing here is to create a policy for monitoring all files retrieved from the directories defined in the scan options. We will create a policy with a wildcard, *, which will search all files that UpGuard would check for.

Since the update to v2.18.0, the approach towards creating a policy has been conferred a new ‘documentation view’ style in terms of the UI.

Building a Wildcard Policy

Begin by navigating to the Policies page from the Control tab. Click the “Build Policy” button. build policy

Give the Policy a unique name and click Start Building. w600

You will be brought the the interface for building a custom policy. Start by giving the Section a descriptive title.

w800

Under that newly created section, click the ‘+’ button directly nested underneath the title.

w200

For the “Type of addition”, select “Check”. For the “Type of check”, select “other”.
An additional dropdown will appear, and from there, you will be required to determine the CI Path. click on the field, and select files. files will appear as a tag upon selection. w800

You will have the option to add additional levels after this in the CI Path field. Add another level by typing * in the field, which will be your wildcard for the first level. Hitting the Tab key will confirm your addition of the asterisk to the CI Path. w600

You can also add an additional wildcard for nested files under the first level. In the CI Path field, typing an additional * and hitting Tab will add a second asterisk to the CI path. You should see three tags: files, *, and *. w600

Click the “Done” button to add the Policy. A panel for defining properties will appear on the right of the window. w600

Remove the ‘Present’ check by clicking the Edit icon to its right, followed by the red Trash icon in the bottom left. Confirm that you want to delete the check by clicking “Yes”.
w400
w400

To add an attribute check, type “raw” in the ‘Attribute Name’ field. The type of check should be ‘Excludes’, with the “Check should pass if attribute is absent” box clicked. The Expected field should contain the text string that you would like to exclude from your files. You may use the “Remediation” and “Background” fields in order to provide descriptions and additional information for your Policy. Click “Add” to complete the policy definition. w400

Applying the Policy to a Node Group

With your policy is now successfully defined, you may now apply this policy to applicable node group(s). To do this, click on the “Add Node Group” button in the left sidebar. w800

Select the node group or groups you wish for this policy to apply to. w400

Upon clicking “Close”, you will see the selected node group(s) listed in the left sidebar. w800

Viewing the Policy Results

To view the results of your policy, you may navigate to any of the pages where you would view each single node, or by navigating to the Policy Report page in the Reports section, followed by choosing the Policy that has been defined by clicking “More Info”.