Service Composer helps you consume security services with ease.
- An initial state security policy that includes a vulnerability scanning service (InitStatePolicy)
- A remediation security policy that includes a network IPS service in addition to firewall rules and an anti-virus service (RemPolicy)
Ensure that the RemPolicy has higher weight (precedence) than InitStatePolicy.
- An applications assets group that includes the business critical applications in your environment (AssetGroup)
- A remediation security group defined by a tag that indicates the virtual machine is vulnerable (VULNERABILITY_MGMT.VulnerabilityFound.threat=medium) named RemGroup
You now map the InitStatePolicy to AssetGroup to protect all business critical applications in your environment. You also map RemPolicy to RemGroup to protect vulnerable virtual machines.
When you initiate a vulnerability scan, all virtual machines in AssetGroup are scanned. If the scan identifies a virtual machine with a vulnerability, it applies the VULNERABILITY_MGMT.VulnerabilityFound.threat=medium tag to the virtual machine.
This topic will now take you through the steps required to consume the security services offered by Service Composer.