Response policies

Response policy defines the actions of the solution in the case that events specified in the policy occur. For example, Kaspersky Container Security can notify the user about the detected threats.

If you want to configure response policies to notify the user, you should first set up integration with notification outputs.

The configured response policies are displayed as a table in the Policies → Response policies section.

You can use the list to do the following:

• Add new policies. Click the Add policy button located above the table to open the policy settings window.
• Change policy settings. You can open the editing window by clicking the policy name link.
• Enable and disable policies. Policies are disabled and enabled by using the Disable/Enable toggle button in the Status column of the table containing the list of created policies.

  If you disable a policy, Kaspersky Container Security will not perform the actions specified in that policy.

• Search for policies. To find a policy, use the search field above the list of response policies to specify the policy name or part of it.
• Delete policies.

In this version of the solution, response policies define only the actions that Kaspersky Container Security takes to notify the user when a specific event detailed in the policy occurs. For example, if an object with a critical vulnerability is detected, the solution can send an email notification to the user.

Creating a response policy

Rights to manage response policy settings are required to add a response policy in Kaspersky Container Security.

To add a response policy:

1. In the Policies → Response policies section, click the Add policy button.

   The policy settings window opens.

2. Enter a policy name and, if required, policy description.
3. In the Scope field, select the scope for the response policy from the available options.

   If you plan to implement the policy with the global scope, one of your user roles must be granted the rights to view global scopes.

4. In the Trigger field, use the drop-down list to select an event that will trigger Kaspersky Container Security to notify the user if this event occurs during a scan. One of the following events can be selected as a trigger event:
   • Sensitive data. A notification is sent if the solution detects signs of exposed sensitive data in an object during a scan.
   • Non-compliant. Kaspersky Container Security notifies you if a scanned object contains images that do not comply with the requirements of security policies.
   • Critical vulnerabilities. A notification is sent if a scanned object contains vulnerabilities with Critical status.
   • Malware. A notification is sent if a scan finds malware.
   • Risk acceptance expiration. Kaspersky Container Security notifies you if a scanned object contains risks that you had previously accepted but the risk acceptance period has expired.
5. Configure the required notification methods:
   1. Select an Output: Email or Telegram.
   2. From the drop-down list in the Integration name field, select the name of the pre-configured integration with the selected notification output.
   3. To add another notification method, click the Add button and fill in the fields as described in paragraphs a and b above.
   4. If needed, you can remove the added notification methods by clicking the icon located to the right of the Integration name field.
6. Click Save.

By default, the added policy is Enabled.

Editing response policy settings

You can edit the response policy settings in Kaspersky Container Security if your account has been assigned at least one role that the policy's creator had at the time of the policy's creation.

To change response policy settings:

1. In the Policies → Response policies section, click the policy name in the list of existing response policies.

   The policy settings window opens.

2. If necessary, make changes to the relevant policy settings:
   • Change the policy name.
   • Add or edit the policy description.
   • Add or edit the policy scope.
   • Change the trigger event by selecting it from the drop-down list.
   • Add an output by clicking the Add button.
   • Delete the output by clicking the delete icon () located next to the line of the selected output.
3. Click Save.