Creating a Kubernetes Configuration Rule

You can create a Kubernetes configuration rule in the Threat Stack Cloud Security Platform® (CSP).

  1. Navigate to the Rules tab and select a ruleset from the list.
  2. Click the + New Rule button.

    You can create a rule in any ruleset to suit your organization's needs. In this example, the new rule is added to the Base Rule Set.

  3. The Add Host Rule dialog displays.


  4. Select Kubernetes Config Rule from the list and click Next: Details to proceed.


  5. The Add Kubernetes Configuration Rule dialog displays. Specify the rule details:
    1. Severity of alerts: There are three levels of behaviors to indicate the severity of an alert.
      • Severity 1 alerts are the highest elevation of behaviors.
      • Severity 2 alerts are the second highest elevation of behaviors.
      • Severity 3 alerts are the third highest elevation of behaviors.
    2. Rule Name (Required): It indicates the name of the ruleset.
    3. Alert Title (Required): It indicates the name and substitutions (dynamic content) which add context to the alert.
    4. Alert Description: It indicates a brief summary of the alert.
    5. Aggregate Fields: It helps define the uniqueness of an alert. Please review the Rule Aggregation article for additional information about aggregate options.
    6. Trigger an alert if an event matching this rule occurs at least: It indicates the frequency for generating an alert. You can specify how often to display an alert within a certain time frame. For additional information, please review the Life Cycle of an Alert article.


  6. After making your selection, click Next: Filter.


  7. The Kubernetes Configuration Rule Filter pane displays.


  8. After specifying a rule filter, click Create Rule.


  9. The rule is created and displayed on the Rules page.

