Getting Started with Intelligence Policy

An Intelligence policy consists of a ruleset (containing event definitions), one or more environments to which the event definitions are applied, and a notification that specifies where findings must be sent.

To set up an Intelligence policy:

  1. Navigate to the Policies page in the CDR > Threat Monitoring menu.

  2. Click Add Policy on the right.

  3. Select a platform on which the policy applies and click Next.

  4. Select one or more environments to which the policy applies. CloudGuard shows only those environments onboarded to Intelligence. Click Next.

  5. For the initial Intelligence configuration, use the configured CloudGuard-managed rulesets. From the list, select one or more rulesets for the policy and click Next.

  6. To add a new Notification, click Add Notification.

  7. In the Create New Notification window, enter the notification name and, optionally, a description. For this initial policy, you can use the default settings. Make sure that the Alert console is selected. This option allows you to see all findings on the Events > Threat & Security Events page.

  8. Click Save.

  9. Select the Notification to associate with the policy.

  10. Click Save.

Your policy appears on the Policies page.
