Appearance
Assign a Policy to Assets
Policies in AttackLens evaluate security requirements against your infrastructure. This page explains how policies are scoped to specific assets and asset groups, and how to control which resources a policy targets.
How Policy Scope Works
A policy's scope determines which assets it evaluates. AttackLens uses two mechanisms to define scope:
- Prerequisites: Conditions defined within the policy that filter assets based on inventory data
- Asset groups: Organizational groupings that associate assets with specific compliance requirements
Prerequisites (Policy-Level Filtering)
Prerequisites are conditions defined in the policy itself. They check inventory data on each asset and skip evaluation if the conditions are not met.
For example, a policy with a prerequisite of "OS Family equals Linux" will only evaluate assets that have Linux inventory data collected by a sensor.
INFO
Prerequisites are configured when creating or editing a policy. They operate at the individual asset level based on collected inventory data.
Asset Groups (Organizational Scoping)
Asset groups let you organize assets into logical collections and then evaluate policies against all members of a group.
To scope a policy to an asset group:
- Navigate to Assets > Asset Groups
- Create or select an asset group
- Add the relevant assets to the group
- When viewing the Policy Status page, filter by asset group to see compliance for that subset
Viewing Policy Results by Scope
The Policy Status page supports filtering evaluation results by:
| Filter | Description |
|---|---|
| All assets | Shows posture scores for every asset evaluated by the policy |
| By asset | Shows results for a specific individual asset |
| By asset group | Shows results for all assets within a specific group |
To filter results:
- Open the policy detail page
- Navigate to the Status tab
- Use the asset or asset group filter to narrow the view
Scope Evaluation Flow
When AttackLens evaluates a policy, the following sequence determines which assets are included:
1. Identify all assets with inventory data
2. Apply policy prerequisites (skip non-matching assets)
3. For each matching asset:
a. Evaluate each ruleset's prerequisites
b. Apply ruleset applicability conditions
c. Execute ruleset checks
d. Record findings (Pass / Fail / Error)
4. Calculate posture score per assetTIP
If a policy has no prerequisites, it will be evaluated against every asset that has inventory data. Use prerequisites to limit evaluation to relevant asset categories.
Best Practices
- Use asset groups for organizational scoping: Group assets by environment (Production, Staging), by team, or by compliance requirement
- Use prerequisites for technical scoping: Filter by OS family, installed software, or resource type within the policy definition
- Combine both approaches: Use prerequisites to ensure the policy only runs on technically applicable assets, and use asset groups to organize reporting
WARNING
Policies without prerequisites and broad asset groups will generate a large number of findings. For optimal performance and meaningful compliance reporting, scope your policies to the assets they are designed to evaluate.
Related Pages
- Create a Policy: Define prerequisites during policy creation
- Asset Groups: Create and manage asset groups
- Policy Status: View scoped evaluation results
- Evaluate a Policy: Trigger and review evaluations