Create a Network Exposure Policy
You have the ability to create network exposure policies based on your organization’s requirements. You can build a new network exposure policy based on the
config from network where
RQL query to monitor the network exposure of an asset across your cloud environment.- Select .
- Enter your policy details.
- Add thePolicy NameandSeverity.
- DescriptionandLabelsare optional.
- ClickNext.
- Enter your RQL query in the search bar.The default option ofNew Searchenables you to build a new RQL query from scratch whileSaved Searchenables you to use a RQL query that you previously saved. For example, the following RQL query finds the interfaces that are accessible from any untrusted Internet source:config from network where source.network = UNTRUST_INTERNET and dest.resource.type = 'Interface' and dest.cloud.type = 'AWS' and dest.tag = 'env=prod'A green check mark indicates that you have a valid query and you can view the query results.
You cannot associate compliance standards to network exposure policies. - Savethe policy.After you successfully create your new policy, it is displayed in thePoliciestable.
Refer to Network Query in the RQL Reference to learn about network exposure query attributes and to see examples.
