Policies module
The Policies page is where you control the rule library. Every detector (CSPM, KSPM, DSPM, HCR, IaC, Secrets, Toxic, CDR) has a sub-tab.
Tabs
One sub-tab per detector. Each tab shows the rules of that detector with:
| Column | Notes |
|---|---|
| Key | Stable identifier. |
| Name | Human-readable. |
| Category | Within the detector. |
| Severity | The default, overridable. |
| Frameworks | Compliance frameworks the rule maps to. |
| Status | Enabled / Disabled. |
| Custom | Bullet if the rule was added by your team. |
Filters
Each tab has filters that match the detector. CSPM has cloud, category, framework.
KSPM has category, check_type. Secrets has category, confidence. Etc.
A free-text search across rule keys and names is always available.
What you can do
Enable / disable
Toggle the rule's enabled flag. Disabled rules are not evaluated; existing OPEN
findings remain (you can mark them IGNORED or wait for them to resolve naturally).
Override severity
Change the severity for the current project. The detail panel shows both the default and your override.
View rule details
Click any rule to see:
- Long description.
- Attack scenario.
- Detailed remediation (per-cloud, per-format).
- References (vendor docs, CIS, MITRE, related CVEs).
- Real-world incident narratives for high-impact rules.
Add a custom rule
The + New custom rule button opens an editor:
- For CSPM, write a query.
- For Secrets, write a regex pattern with optional validators.
- For DSPM, same.
- For Toxic Combinations, a path query.
Suppress (ignore) rules
Beyond per-finding ignore, you can build ignore rules that auto-ignore future
findings matching a pattern (e.g. every CSPM finding on resources tagged purpose=demo).
Ignore rules have audit trails and optional TTLs.
RBAC
| Role | What they can do |
|---|---|
| Viewer | See rules and details. |
| Security Engineer | Toggle enabled / disabled. Override severity. |
| Admin | All of the above + add custom rules + edit ignore rules. |
| Admin | All of the above + cross-project bulk actions. |