To create a Kubernetes runtime policy, perform the following procedure.
Prerequisites
All prerequisites are optional.
Procedure
- On the left navigation pane, click .
- Click the Runtime Policies tab.
- Click Add Policy.
- On the Define Policy page, name the policy, select the scope from the list of available scopes, and click Next.
- On the Add Rules page, select the rules to include in the policy.
  You can add rules from the Basic, Moderate, and Strict templates. For more information about these templates, see Kubernetes Policy Templates.
  Important: Carbon Black recommends that you start with the rules from the Basic template to provide alerts for issues that have the highest severity.
  For example, to add all rules from the Basic template:
  - Select the Basic rule template on the left.
  - Select the type of alerting action (Monitor or Alert) at the top right. Alert is the default action.
  - Click Add all 5 rules at the top right.
  You can add individual rules from templates instead of adding rules in bulk. To do so, click the arrow icon at the right of the rule.
  After you have added rules, they display in the right pane of the page. From here, you can remove individual rules or all rules.
- Click Next.
- Review the policy settings. Set the learning period for the scope baseline. The default value is 7 days. To see the progress of the scope baseline during the learning period, see View a Kubernetes Scope Baseline for a Runtime Policy.
What to do next
After you configure your Kubernetes runtime policies and after the learning period ends, the behavioral baseline is established, and protection is active. All alerts that are caused by violations of the runtime policies display on the Alerts page. See Triaging Kubernetes Alerts.