How to Configure Global Rules Management to Customize Security Rules

Select Management in the navigation bar and choose Global Rules Management from the dropdown. The Global Rules Management feature in CloudDefense provides a comprehensive overview of all rules detected in your organization's applications. It enables you to customize the properties, severity, and configurations of these rules to align with your security policies.

Users can handle the global rules under two sections, you can switch to either from the list provided in the left bar of the Global Rules Management page:

• SCA Rules: These rules relate to Software Composition Analysis (SCA), helping you identify vulnerabilities in open-source dependencies and third-party libraries.
  

• SAST/DAST/API Rules: This section encompasses Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and API rules. They provide insights into security vulnerabilities in your application code, runtime environment, and APIs.
  

Custom Rule Management

You can tailor each rule's properties to your organization's specific requirements. Here's how:

• Change Severity: Click on the rule's severity field and select a new severity level (e.g., Critical, High, Medium, Low).

• Set Expiration Date: Configure an expiration date for the rule, indicating when it will no longer be enforced.

• Allowed/Not Allowed: Specify whether a rule is allowed or not allowed based on your compliance needs.
  
  

Tip: Use the search bar in the top right corner to find specific rules quickly. The left column provides various filters such as Allowed/Not Allowed and setting Severity. These filtering options help you efficiently cluster and manage specific categories of rules.

Note: Any changes made to rule properties will be reflected across all applications scanned under your organization's account. This global application of rules ensures consistent security standards throughout your organization.