Skip to main content

Modify Policies

You can modify an individual policy or apply bulk changes to many policies at once, as described here.

Change a Policy Configuration

Default policies are read-only. To effectively modify those policies, you can make a copy and modify the setting of the cloned policy.

For a custom policy, you can modify the frequency with which the policy is evaluated, its severity, or the underlying query. You can also add exceptions to a policy, or modify its conditions.

You can modify a policy from its details pane, which you can access on the Policies page. Click the edit icon and modify the settings as needed:

Policies edit

Disable/Enable Policies

Disabling a policy excludes it from your assessment reports. To enable or disable policies from the Lacework Console:

  1. Click Policies from the navigation menu.

  2. Search for the name of the policy you want to disable or enable.

  3. Find the policy and click the toggle button to disable or enable the policy.

    Policies disable

You can also update multiple policies at once, as described in the following section.

Batch Update Policies

It can take some time to modify many policies individually. If you have many policies that you want to enable or disable at once, you can modify them as a batch. You can also download many policies at once in CSV format.

note

Vulnerability policies are not currently supported for batch enable/disable operations.

To enable or disable multiple policies at once, select the checkboxes next to each policy and click Enable/Disable. If the operation cannot be applied to any of the selected policies (for example, if a policy cannot be enabled), those policies are listed. You can confirm or cancel the operation as appropriate.

The batch update feature is most useful when used with search filters. By filtering the policy list first, you can quickly select and modify many policies with just a few clicks.

For example, to disable legacy AWS policies only, follow these steps:

  1. In the Policies page, expand the Domain filter options, choose AWS and click Show results.

  2. For the Rule type, choose Legacy and click Show results.

    Policies batch select filter type

  3. For the Status, choose Enabled. Notice that the policy list shows 50 policies of about 160.

  4. You can choose the 50 policies that appear on the page using the multi-select checkbox, or click the down arrow next to the checkbox and choose Select all to select all 160.

    Policies batch select filter enabled

  5. Click Enable/Disable.

  6. Click Disable assessments for all n selected policies and Save changes in the following dialog:

    Policies batch select disable

    If you have selected any policies to which the operation cannot be applied, they are listed, giving you the option to cancel or proceed to apply the change to the remaining policies.