McAfee MVISION Cloud

Edit Configuration Audit Policies

You can edit Configuration Audit policies, including enabling and disabling policies, to customize the activities MVISION Cloud monitors. The method differs for policies created with the Policy Builder and for existing policies.

Edit a Configuration Audit Policy Created with Policy Builder

To edit a Configuration Audit policy created with Policy Builder:

  1. Choose Policy > Configuration Audit.
  2. Search for the policy you'd like to customize and click Edit.
  3. The Policy Builder is displayed.
  4. Click Edit on the Description, Rules, or Responses sections. 
  5. For Policy Status, you can make the policy Active or Inactive.
  6. To save changes, click Save.

Edit an Existing Configuration Audit Policy

You can edit Configuration Audit policies created before the Policy Builder was available, including enabling and disabling policies, to customize the activities MVISION Cloud monitors.

To edit an existing Configuration Audit policy:

  1. Choose Policy > Configuration Audit.
  2. Search for the policy you'd like to customize and click Edit.
  3. The Description page provides an overview of the existing policy. From Policy Status, select Active to enable a policy, or select Inactive to turn it off. 
  4. Under Description, click Edit. Here you can edit the name or description of the policy. Click Next.
  5. On the Rules page you can:
    • Select a Service to which the policy applies. (If a Service is required for your policy and you do not select a service, no incidents will be triggered.) Then click Done.
    • Add (+) or delete (x) exceptions. Then click Done.
  6. Click Next.
  7. On the Response page, you can select to send notifications of an incident in these ways:
    • Send to SNS Topic. Send the details of this incident to the SNS Topic associated with the Role ARN that you specify. 
    • Send to SQS Queue. Send the details of this incident to the SQS Queue associated with the Role ARN that you specify. 
    • Scan Unsecured Resources. This adds the response action to run an On-Demand Scan whenever a violation of the policy occurs. For details, see Automatic Scanning for Vulnerable S3 Buckets and Azure Blobs.
    • Email Notification. Select who you'd like to receive email notifications when a policy is violated.
  8. Click Next.
  9. On the Review page, review your changes, and if necessary, activate your policy. 