GSL Builder

In CloudGuard, you can build GSL posture management rules for multiple cloud platforms.

1. Navigate to the GSL Builder page in the CSPM menu.

2. Select a cloud platform to run the rule on: AWS Amazon® Web Services. Public cloud platform that offers global compute, storage, database, application and other cloud services., Azure Collection of integrated cloud services that developers and IT professionals use to build, deploy, and manage applications through a global network of data centers managed by Microsoft®., or other.

The platforms with the Preview tag are at Early Availability.

All GSL rules and rulesets are platform-specific, so you can run a rule only on the platform it is created for.

Platforms can be static or dynamic:

• Static platforms - AWS, Azure, GCP Google® Cloud Platform - a suite of cloud computing services that runs on the same infrastructure that Google uses internally for its end-user products, such as Google Search, Gmail, Google Drive, and YouTube., Alibaba Cloud, Kubernetes Kubernetes, often abbreviated as “K8s”, orchestrates containerized applications to run on a cluster of hosts., Image Assurance, and Source Code Assurance. CloudGuard recognizes all supported resources (entities, services, and so on) on static platforms.

• Dynamic platforms - Terraform An infrastructure as code tool that lets you define both cloud and on-prem resources in human-readable configuration files that you can version, reuse, and share., AWS CloudFormation. CloudGuard cannot predict which resources an IaC plan contains until you upload the plan files. Then after CloudGuard reads and analyzes the script, it builds a set of entities based on data that the script provides. To build rules on a dynamic platform, see Compliance Assessment of Infrastructure as Code.

Because of different naming conventions, the entity's names on the static and dynamic platforms are not the same.

1. Select the mode:

   • Builder - Enter the new rule interactively with hints.

   • Free text - Enter the rule as text.

2. Optionally, change Builder to Free text to make small changes before you test the rule.

For each cloud platform, CloudGuard provides a set of applicable entities. You build a rule with one entity, which is the rule Target, and a combination of the entity attributes, which are the rule Condition.

1. Select an entity from the list.

   CloudGuard shows possible actions below, in the interactive section. The attributes (properties) for this type of entity appear on the right below Context Preview.

2. Select one of the actions. CloudGuard shows applicable operators and properties in the interactive section.

3. Select an operator or a property to continue to build a rule. Use the context preview on the right to expand properties and see their structure.

   Note - Some asset properties have the indication External, for example, ExternalObject or ExternalArray. These properties are brought by CloudGuard from another entity to help you write GSL rules easier.

   Note - Context preview contains information on static elements only. Information on dynamic elements, such as objects, is not available.

4. To continue with the rule, add more operators, properties, and functions as the context suggests. To learn more about the GSL syntax, see Governance Specification Language (GSL).

5. To delete one or more elements in the rule, put the cursor on these elements, and click (this gives approval to the deletion).

1. Below Test Rule, select one or more environments to test the rule on and click TEST.

   CloudGuard runs the rule and shows the Result Details, almost the same as the Assessment Results (see Running an Assessment). The Test History shows the ten last instances when the rule was run.

2. Click clear result to erase the test result.

3. Click clear tests history to erase the history.

After a successful test, select Free text, copy the GSL expression, and paste it into the GSL section of a new rule (see Adding Rules to a Ruleset).