Edit Custom Policies
You can view custom LQL and non-LQL policies in the Lacework Console, and you can edit the query and context of non-LQL policies there. This topic focuses on non-LQL policies. For information on updating LQL policies, see Update SPM Policies.
Users with Policies write permission can edit policies in the Lacework Console.
View and Edit a Custom Policy
You can view details for any policy through the Lacework Console, as follows:
- Log in to the Lacework Console and go to Policies.
- Click a specific policy to view the policy's parameters and query string. The Summary tab displays parameters associated with this policy.
- You can edit policy settings on this tab.
- Click Save to save your changes to this policy.
View and Edit the Query for a Policy
Lacework displays the conditions associated with each policy in the Lacework Console, which you can view as follows:
- Log in to the Lacework Console and go to Policies.
- Click a specific policy. To view the query for this policy, click the Query tab.
- For a custom policy, you can edit the policy's query through the Query tab. For example, you can add an additional policy expression and associated conditions to your non-LQL policy.
- Click Save to save your changes to this query.
View Contextual Information Associated with a Policy
Lacework displays additional information and remediation for LQL policies when available.
- Log in to the Lacework Console and go to Policies.
- Click a specific policy.
- To view the contextual information for this policy, click the Context tab.
View the Number of Alerts for a Policy
Lacework displays the number of alerts associated with each LQL policy in the Lacework Console. Non-LQL policies do not display the number of alerts.
- Log in to the Lacework Console and go to Policies.
- Click a specific LQL policy. The Summary tab displays the number of alerts within the past 7 days, as well as the percentage change in the number of alerts associated with this policy.
Download the CSV File for Exceptions
You can download the exceptions for a specific compliance policy as a CSV file directly from the Lacework Console.
- Log in to the Lacework Console and go to Policies.
- Click a specific non-LQL compliance policy and click the Exception tab. A list of exceptions appears for this policy.
- Click the Download icon.
- Examine your downloaded CSV file.
Disable/Enable Policies
Disabling a policy excludes it from assessment reports and prevents it from generating alerts. To enable or disable policies from the Lacework Console:
- Click Policies from the navigation menu.
- Search for the name of the policy you want to disable or enable.
- Find the policy and click the toggle button to disable or enable the policy.