updating CSM rules doc with policy info #27385
Open
+135
−58
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
We now group CSM Agent rules into policies. This doc update covers this new feature.
added new policy feature for CSM Threats Agent Configuration rules
Preview links (active after the
|
|
Ed review topic was created: https://datadoghq.atlassian.net/browse/DOCS-9980 |
clachner
reviewed
Jan 31, 2025
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
michaelcretzman
commented
Jan 31, 2025
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
incorp Eng review feedback
janine-c
reviewed
Jan 31, 2025
Comment on lines
20
to
24
| In addition to the out of the box (OOTB) [default Agent and detection rules][7], you can write custom Agent and detection rules. Custom rules help to detect events Datadog is not detecting with its OOTB rules. | ||
|
|
||
| Agent rules are collected in policies. First, you create a policy, and then you add the custom rules you want applied by the policy. | ||
|
|
||
| When you create an Agent configuration policy it contains the default rules only. You can add custom rules to the policy to target specific infrastructure locations. |
There was a problem hiding this comment.
There seems to be a clear sequence here where you create policies, then add rules, but the descriptions of both of those things bounce back and forth between the two a bit. Can we make the descriptions line up with the sequence a bit better here (that is, explain what a policy is and that you have to make one first, then explain what a rule is and talk about how it relates to policies)?
There was a problem hiding this comment.
the reason I did it this way was you can't explain that a policy is a collection of rules without first explaining what a rule is.
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
michaelcretzman
commented
Jan 31, 2025
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
incorp edit review changes. still a few more to do but need to do them locally Co-authored-by: Janine Chan <[email protected]>
michaelcretzman
commented
Jan 31, 2025
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
content/en/security/threats/workload_security_rules/custom_rules.md
Outdated
Show resolved
Hide resolved
Comment on lines
20
to
24
| In addition to the out of the box (OOTB) [default Agent and detection rules][7], you can write custom Agent and detection rules. Custom rules help to detect events Datadog is not detecting with its OOTB rules. | ||
|
|
||
| Agent rules are collected in policies. First, you create a policy, and then you add the custom rules you want applied by the policy. | ||
|
|
||
| When you create an Agent configuration policy it contains the default rules only. You can add custom rules to the policy to target specific infrastructure locations. |
There was a problem hiding this comment.
the reason I did it this way was you can't explain that a policy is a collection of rules without first explaining what a rule is.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We now group CSM Agent rules into policies. This doc update covers this new feature.