Create a Custom Policy
You can create a custom policy for any resource type if the built-in policies do not meet your requirements. Tenable Cloud Security allows you to test the policy on a project before you add the custom policy.
To add or create a custom policy in Tenable Cloud Security:
- Access Tenable Cloud Security.
-
On the left navigation bar, click the
button. -
Click Custom policy.
-
Click Add policy.
The Create Policy page opens. -
In the Choose Resource section, do one of the following:
-
Type a resource in the search box to bring up its name.
-
Select a resource from the list of available resources.
Note: You can create policies for any cloud resource or schema supported by the IaC providers. Tenable Cloud Security also supports policies for container images. -
-
Click Continue.
-
In the Policy Condition section, use the query builder to select the conditions that the policy must meet. Click the arrow on the drop-down list to select a parameter, operator, value, and an AND/OR operator.
Note: The inputs to the query builder are dynamic and based on the resource’s schema. -
Click Continue.
-
In the Test Policy section, click the arrow on the drop-down list to select the project name.
-
Click Test to verify that the policy condition runs successfully. You can test policies for the projects for which you have access.
-
Click Continue.
-
In the Remediation Details section, select the parameter, type, and the required value to create the remediation for the policy.
-
(Optional) Click + to add more remediation details.
-
Click Continue.
-
In the Policy Details section, provide the following:
-
Type the policy name.
-
Select the policy category.
-
Select the severity of the policy.
-
Select the applicable benchmark for the policy.
Note: You can create a user-defined compliance benchmark and add the required policy to the created benchmark. -
Select the required custom policy group.
-
Type the remediation description details.
-
-
Click Create.
Tenable Cloud Security creates a custom policy.