Use Case for Wildcard Policies
The use case for the Policy Builder that we are addressing here is to create a policy for monitoring all
files retrieved from the directories defined in the scan options. We will create
a policy with a wildcard,
*, which will search all files that UpGuard would check
Since the update to v2.18.0, the approach towards creating a policy has been conferred a new ‘documentation view’ style in terms of the UI.
Building a Wildcard Policy
Begin by navigating to the Policies page from the Control tab. Click the “Build Policy” button.
Give the Policy a unique name and click Start Building.
You will be brought the the interface for building a custom policy. Start by giving the Section a descriptive title.
Under that newly created section, click the ‘+’ button directly nested underneath the title.
For the “Type of addition”, select “Check”. For the “Type of check”, select “other”.
An additional dropdown will appear, and from there, you will be required to determine the CI Path. click on the field, and select
files will appear as a tag upon selection.
You will have the option to add additional levels after this in the CI Path field. Add another
level by typing
* in the field, which will be your wildcard for the first level. Hitting the Tab key
will confirm your addition of the asterisk to the CI Path.
You can also add an additional wildcard for nested files under the first level. In the CI Path
field, typing an additional
* and hitting Tab will add a second asterisk to the CI path. You
should see three tags:
Click the “Done” button to add the Policy. A panel for defining properties will appear on the right of the window.
Remove the ‘Present’ check by clicking the Edit icon to its right, followed by the red Trash icon in the bottom left. Confirm that you want to delete the check by clicking “Yes”.
To add an attribute check, type “raw” in the ‘Attribute Name’ field. The type of check should be ‘Excludes’, with the “Check should pass if attribute is absent” box clicked. The Expected field should contain the text string that you would like to exclude from your files. You may use the “Remediation” and “Background” fields in order to provide descriptions and additional information for your Policy. Click “Add” to complete the policy definition.
Applying the Policy to a Node Group
With your policy is now successfully defined, you may now apply this policy to applicable node group(s). To do this, click on the “Add Node Group” button in the left sidebar.
Select the node group or groups you wish for this policy to apply to.
Upon clicking “Close”, you will see the selected node group(s) listed in the left sidebar.
Viewing the Policy Results
To view the results of your policy, you may navigate to any of the pages where you would view each single node, or by navigating to the Policy Report page in the Reports section, followed by choosing the Policy that has been defined by clicking “More Info”.