Skip to main content

Edit Custom Policies

You can view custom LQL and non-LQL policies through the Lacework Console, as well as edit query and context for non-LQL policies through the Lacework Console. This topic focuses on non-LQL policies. For information on updating LQL policies, see Update SPM Policies.

Users with Policies write permission can edit policies in the Lacework Console.

View and Edit a Custom Policy

You can view details for any policy through the Lacework Console, as follows:

  1. Log in to the Lacework Console and go to Policies.
  2. Click a specific policy to view the policy's parameters and query string. The Summary tab displays parameters associated with this policy.
  3. You can edit policy settings on this tab.
  4. Click Save to save your changes to this policy.

View and Edit the Query for a Policy

Lacework displays the conditions associated with each policy on the Lacework Console, which you can view as follows:

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific policy. To view the query for this policy, click the Query tab.

  3. For a custom policy, you can edit the policy's query through the Query tab.

    For example, you can add an additional policy expression and associated conditions to your non-LQL policy.

  4. Click Save to save your changes to this query.

View Contextual Information Associated with a Policy

Lacework displays the additional information and remediation for LQL policies when available.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific policy.

  3. To view the contextual information for this policy, click the Context tab.

View the Number of Alerts for a Policy

Lacework displays the number of alerts associated with each LQL policy in the Lacework Console. Non-LQL policies do not display the number of alerts.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific LQL policy. The Summary tab displays the number of alerts within the past 7 days, as well as the percentage change in the number of alerts associated with this policy.

Download the CSV File for Exceptions

You can download the exceptions as a CSV file for a specific compliance policy directly on the Lacework Console.

  1. Log in to the Lacework Console and go to Policies.

  2. Click a specific non-LQL compliance policy and click the Exception tab. A list of exceptions appear for this policy.

  3. Click the Download icon.

  4. Examine your downloaded CSV file.

Disable/Enable Policies

Disabling a policy excludes it from assessment reports and prevents it from generating alerts. To enable or disable policies from the Lacework Console:

  1. Click Policies from the navigation menu.
  2. Search for the name of the policy you want to disable or enable.
  3. Find the policy and click the toggle button to disable or enable the policy.
Last updated on