Appearance
Manage Policies
The Policies page is your central hub for viewing, editing, and managing the lifecycle of all security policies in AttackLens.
Policy List
Navigate to Policies in the left menu to view all policies in your organization.
The list displays the following columns:
| Column | Description |
|---|---|
| Name | The policy name. Click to open the policy detail page. |
| Version | The current version number (auto-incremented on each edit) |
| Status | Active or Inactive |
| Created | When the policy was created |
Search and Sort
- Use the search bar to filter policies by name or description
- Click any sortable column header to sort ascending or descending
- Use pagination controls at the bottom to navigate through large policy lists
Read-Only Policies
Built-in policies delivered through the feed system are marked with a Read-only badge. These policies cannot be edited or deleted. To customize a built-in policy, use the Clone action.
View Policy Details
Click on a policy name to open its detail page. The detail page has two tabs:
Overview Tab
The overview tab displays:
- Name and Description
- Status: Active or Inactive badge
- Read-only badge (for built-in policies)
- Created By and Created date
- Updated By and Last Updated date (if modified)
- Sections: A tree view of all sections and their assigned rulesets
Status Tab
The status tab shows the policy's evaluation results across all targeted assets. See Policy Status for details.
Edit a Policy
INFO
Requires Admin role or the Edit Policy permission. Read-only policies cannot be edited.
- Navigate to the policy detail page
- Click the Edit button in the top-right corner
- Modify the policy name, description, prerequisites, sections, or ruleset assignments
- Click Update to save changes
The policy version number is automatically incremented when you save changes. Existing findings are re-evaluated on the next inventory cycle.
Clone a Policy
Cloning creates an editable copy of any policy, including read-only built-in policies.
- From the policy list, open the action menu (three dots) for the target policy and select Clone
- Or from the policy detail page of a read-only policy, click the Clone button
The cloned policy is created with the same structure, sections, and ruleset assignments. It is set to Active by default. The name is prefixed to indicate it is a copy.
TIP
Cloning is the recommended way to customize built-in framework policies. Clone the policy, then add or remove rulesets and sections to match your organization's specific requirements.
Delete a Policy
WARNING
Deleting a policy permanently removes it and all associated findings. This action cannot be undone.
- From the policy list, open the action menu for the target policy
- Select Delete
- Confirm the deletion in the confirmation dialog
Read-only policies cannot be deleted.
Activate or Deactivate a Policy
To change a policy's active status:
- Open the policy in edit mode
- Toggle the Active switch at the top of the form
- Click Update
| Action | Effect |
|---|---|
| Activate | The policy will be included in the next evaluation cycle. New findings will be generated. |
| Deactivate | The policy is excluded from evaluations. Existing findings remain but are not updated. |
Permissions
The following permissions control policy management:
| Action | Required Permission |
|---|---|
| View policies | Any authenticated user |
| Create policy | Create Policy |
| Edit policy | Edit Policy |
| Delete policy | Delete Policy |
| Clone policy | Clone Policy |
Related Pages
- Create a Policy: Step-by-step creation guide
- Policy Status: Understanding the status dashboard
- Evaluate a Policy: Triggering and reviewing evaluations