Set Assess rules
Assess rules are out-of-the-box rules that can be applied to your applications. As an Organization Administrator or RulesAdmin, you can configure Assess Rules.
You can view a list of all rules applied, either at Applications > Your application name > Policy > Assess or in the user menu > Policy management > Assess rules. Each rule is listed with a severity and description, as well as an indicator of which environments it applies to.
To apply Assess rules to particular environments for an application:
When viewing the list of rules under Applications, use the toggles to turn each rule on or off for each environment. You can also use the checkboxes in the left column to select multiple rules, then select Change Mode to apply them. In the window that appears, toggle the rules on or off for each environment and select Done.
Alternatively, under Policy management, you can select an application name to see a list of rules that apply to that application. Use the toggles to turn rules on or off for each one.
To update Assess rule settings:
Under Policy management, select the name of an application to show a list of rules for that application.
Click the settings icon in the top right.
In the window that appears, select the Likelihood, Impact and Confidence Level of the vulnerabilities for which this rule is intended.
Optionally, select the checkbox to Override to enable this option to update these fields after the configuration is saved.
In the Risk Description field, enter additional information regarding potential consequences of exposure to this vulnerability. You can also provide a Recommendation.
In the References field, enter a link to an external reference related to the specific vulnerability to provide more context for the rule.
Select Save.
Note
If more advanced rules are required, for help with setup.