Define Container Protection rulesets to ensure protection for your containers during Runtime Security scanning.
Procedure
- Go to .
- Click the Rulesets tab.
- Create, duplicate, or modify a ruleset.
  - To create a new ruleset, click New.
  - To duplicate an existing ruleset:
    - Click to select the base ruleset from the policy list.
    - Click Duplicate. Container Protection creates a copy of the existing ruleset and appends "Copy" to the ruleset name.
  - To modify an existing ruleset, click the ruleset in the ruleset list.
- For new and duplicated rulesets, specify a unique ruleset name.
  Note
  - Ruleset names must not contain spaces and support only alphanumeric characters, underscores (_), and periods (.).
  - You cannot modify the ruleset name after creating the ruleset.
- If you want to provide more details about the purpose of the ruleset, use the Description field. The description appears under the ruleset name in the ruleset list.
- If you have applied labels to your Kubernetes clusters and want to apply the ruleset only to clusters with corresponding labels, click Add Label.
  - Specify the Key and Value for each label.
  - If you have multiple labels that you want to apply the ruleset to, click Add Label again.
  Important
  Labels are only supported on Kubernetes clusters and have no effect on Amazon ECS clusters.
- Apply rules to the ruleset by clicking Add Rule.
  - Select the checkboxes next to the available rules you want to apply to the ruleset.
  - Click Submit.
  Tip
  To get more information about the attack technique that a rule is designed to prevent, search for the MITRE ID (for example, T1021.004) on the MITRE site.
- In the Mitigation column, select the action you want Container Security to perform when the rule is violated.
  - Log: Log the event but allow the container to continue running
  - Isolate: Isolate the pod from all network traffic (Kubernetes only)
  - Terminate: Terminate the pod (Kubernetes only)
  Important
  Amazon ECS clusters only support the Log action. If you select Isolate or Terminate and apply the ruleset to an Amazon ECS cluster, Container Security defaults to the Log action.
- Click Create.
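As an added example (not the product's own code or API), the following Python models the constraints this procedure states so a ruleset definition can be checked before it is created in the console: the ruleset name rule, the Kubernetes-only labels, and the silent fallback to Log on Amazon ECS. The Rule and Ruleset classes and the cluster_kind values "kubernetes" and "ecs" are assumptions made for this example.

```python
import re
from dataclasses import dataclass, field

# Hypothetical in-memory model of a Container Protection ruleset, written for this
# example only; it is not the product's API or configuration format.
NAME_PATTERN = re.compile(r"^[A-Za-z0-9_.]+$")  # alphanumerics, underscores, periods; no spaces
MITIGATIONS = {"Log", "Isolate", "Terminate"}

@dataclass
class Rule:
    mitre_id: str    # e.g. "T1021.004", the example ID used on the page
    mitigation: str  # Log | Isolate | Terminate

@dataclass
class Ruleset:
    name: str
    labels: dict = field(default_factory=dict)  # Kubernetes cluster labels (key -> value)
    rules: list = field(default_factory=list)

def validate_ruleset_name(name: str) -> bool:
    """Names cannot be changed after creation, so check them before creating."""
    return bool(NAME_PATTERN.match(name))

def effective_action(cluster_kind: str, mitigation: str) -> str:
    """ECS supports only Log; Isolate and Terminate fall back to Log there."""
    if mitigation not in MITIGATIONS:
        raise ValueError(f"unknown mitigation: {mitigation}")
    if cluster_kind == "ecs":
        return "Log"
    return mitigation

def ruleset_applies(ruleset: Ruleset, cluster_kind: str, cluster_labels: dict) -> bool:
    """Labels filter only Kubernetes clusters; on ECS they have no effect (assumed: applies)."""
    if cluster_kind != "kubernetes" or not ruleset.labels:
        return True
    return all(cluster_labels.get(k) == v for k, v in ruleset.labels.items())

def preflight(ruleset: Ruleset, cluster_kind: str, cluster_labels: dict) -> list:
    """Return the warnings a reviewer would want before applying the ruleset."""
    warnings = []
    if not validate_ruleset_name(ruleset.name):
        warnings.append(f"invalid name {ruleset.name!r}: no spaces; only [A-Za-z0-9_.]")
    if cluster_kind == "ecs" and ruleset.labels:
        warnings.append("labels are ignored on Amazon ECS clusters")
    for r in ruleset.rules:
        eff = effective_action(cluster_kind, r.mitigation)
        if eff != r.mitigation:
            warnings.append(f"{r.mitre_id}: {r.mitigation} downgraded to {eff} on {cluster_kind}")
    return warnings
```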