Editing Policies

Owned by Aaron Beaudoin
Last updated: Jul 31, 2024 by Sowmya Manian
2 min read

In this section you will learn how to:

Policies in Zilla can be accessed via the Policies sub-menu under the Security menu. From this view, can view policies based on their respective categories as well as view all policies in the system by clicking on “See all policies” where you can see which policies are enabled and which are disabled and can click on the edit icon to edit the policy. 

image-20240729-063208.png

Edit General Policy Information 

The following general policy information can be updated: 

  • Policy Description

  • Severity 

  • Tags

Name and Category fields are not editable.

Enable / Disable a Policy 

You can enable or disable the policy from generating Findings. 

  • Enable - When you enable a policy, Findings will be detected upon the next policy evaluation, which occurs after applications are synced. If the policy was previously enabled (and then disabled) then only previous Findings will be viewable. 

  • Disable - When you disable a policy, any Findings that exist will be suppressed from view and cannot have actions taken. If a previous Finding is in a non-closed state, the policy will still evaluate the condition and close the Finding if it is resolved in the source system, but new Findings will not be detected. 

Assign Automated Actions to a Policy 

You can automate actions for a specific policy, so that once a Finding is detected, those actions will automatically be taken.  

  • Send Email - Choose this option to automatically send an email of the Findings discovered to the Application Business Owner, Technical Owner or other users to follow-up accordingly.

  • Create Ticket - Choose this option to automatically create a ticket in your ticketing system (as configured in your Zilla tenant Settings). You can choose to create a single ticket for each Finding as well as group all the Findings into one ticket for each application. 

  • Custom Actions - Choose this option to send information to the custom action that has been defined in your environment. More information on Custom Actions can be found here.

For each action that is enabled, you can specify the frequency and when to begin the communication. This helps adjust the frequency of communication based on a policy by policy basis.