Skip to content

G
gitlab-ce
Commit 61ecf94c authored by Alexander Turinske's avatar Alexander Turinske
Browse files
Options

Add UI docs for threat monitoring policy alerts 

- add new screenshots
parent 05d328e5
Show whitespace changes
Inline Side-by-side
Showing with 46 additions and 0 deletions
doc/user/application_security/threat_monitoring/index.md
View file @ 61ecf94c
...@@ -159,7 +159,53 @@ Rule mode supports the following rule types: ...@@ -159,7 +159,53 @@ Rule mode supports the following rule types:
- [Level 4](https://docs.cilium.io/en/v1.8/policy/language/#layer-4-examples) - [Level 4](https://docs.cilium.io/en/v1.8/policy/language/#layer-4-examples)
can be added to all other rules. can be added to all other rules.
### Configureing Policy Alerts
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3438) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.9.
The policy alert allows you to track what impact your policy is having. It can be enabled in the Policy Editor UI or with YAML using the `metadata.annotations` property.
![Policy Editor UI](img/threat_monitoring_add_policy_alert_ui_v13_9.png)
```yaml
metadata:
annotations:
app.gitlab.com/alert: 'true'
```
Once added the UI will update with a warning about the dangers of too many alerts.
![Alert Configured UI](img/threat_monitoring_policy_alert_configured_ui_v13_9.png)
If you have not [configured the agent](../../project/clusters/protect/container_network_security/quick_start_guide.md), alerts will not be available to you and will guide you to the appropriate documentation ([install](../../clusters/agent/repository.md), [configure a Kubernetes Agent for this project](../../clusters/agent/index.md#create-an-agent-record-in-gitlab))
![Policy Alerts Not Available ](img/threat_monitoring_policy_alerts_unavailable_v13_9.png)
Once your policy is complete, save it by pressing the **Save policy** Once your policy is complete, save it by pressing the **Save policy**
button at the bottom of the editor. Existing policies can also be button at the bottom of the editor. Existing policies can also be
removed from the editor interface by clicking the **Delete policy** removed from the editor interface by clicking the **Delete policy**
button at the bottom of the editor. button at the bottom of the editor.
To view your alerts, view the alert list
### Container Network Policy Alert list
> [Introduced](https://gitlab.com/groups/gitlab-org/-/epics/3438) in [GitLab Ultimate](https://about.gitlab.com/pricing/) 13.9.
The policy alert list allows you to view the policy activity. Alerts can be sorgedd by date/time and status.
![Policy Alert List](img/threat_monitoring_policy_alert_list_v13_9.png)
Policy alert statuses can be updaded to reflect that the alert has been seen and dealt with
![Policy Alert Status](img/threat_monitoring_policy_alert_status_v13_9.png)
By default the list filters out any resolved/dismissed alerts, but toggled on/off
![Policy Alert Status Filter](img/threat_monitoring_hide_resolved_policy_alerts_v13_9.png)
By default, the policy alerts are not enabled, so the policy alert list will guide you this documentation to enable it
![Policy Alerts Disabled](img/threat_monitoring_policy_alerts_disabled_v13_9.png)
> [Additional work](https://gitlab.com/groups/gitlab-org/-/epics/5041) coming in [GitLab Ultimate](https://about.gitlab.com/pricing/).
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7