From 960c64164d7f59e155c5fd52d6ea1e1a9fbe2592 Mon Sep 17 00:00:00 2001 From: gtam Date: Fri, 1 Nov 2024 09:10:25 -0700 Subject: [PATCH] Update docs/05.policy/08.responserules/08.responserules.md Co-authored-by: Sunil Singh --- docs/05.policy/08.responserules/08.responserules.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/05.policy/08.responserules/08.responserules.md b/docs/05.policy/08.responserules/08.responserules.md index b3ed553a2..45fe2f2a4 100644 --- a/docs/05.policy/08.responserules/08.responserules.md +++ b/docs/05.policy/08.responserules/08.responserules.md @@ -13,7 +13,7 @@ Response Rules provide a flexible, customizable rule engine to automate response Creating a new Response Rule using the following: -+ Group. A rule will apply to a container Group (address group is not supported, for example criteria address=x.x.x.x/x). Please see the section Run-Time Security Policy -> Groups for more details on Groups and how to create a new one if needed. ++ Group. A rule will apply to a container Group (address group is not supported, for example, criteria address=x.x.x.x/x). Please see the section [Run-Time Security Policy -> Groups](../04.groups/04.groups.md) for more details on Groups and how to create a new one if needed. + Category. This is the type of event, such as Security Event, or CVE vulnerability scan result. + Criteria. Specify one or more criteria. Each Category will have different criteria which can be applied. For example, by the event name, severity, or minimum number of high CVEs. + Action. Select one or more actions. Quarantine will block all network traffic in/out of a container. Webhook requires that a webhook endpoint be defined in Settings -> Configuration. Suppress log will prevent this event from being logged in Notifications.
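Review bot: On the changed Group bullet, the new link target `../04.groups/04.groups.md` resolves relative to docs/05.policy/08.responserules/ to docs/05.policy/04.groups/04.groups.md, a file this diff does not touch. Please confirm it exists at that path before merging. The parenthetical is also still ambiguous after the comma fix: "address group is not supported, for example, criteria address=x.x.x.x/x" can be read as an example of something that works. Since this limits which groups an action such as Quarantine can be applied to, consider stating it directly, for example "groups defined by an address criterion, such as address=x.x.x.x/x, are not supported". For consistency with the new link, the "Settings -> Configuration" reference in the unchanged Action bullet could be linked in the same way.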