Twistlock - Policy Options

Compatible Integrations

  • Requires setup of a Docker Integration and Target(s) of that type before Policy creation.
  • Note that your Twistlock Scenario will only appear in your Policy options if you have selected a Target with an Integration of Repository type Docker.

Create Policy

Suggested reading: Create a Policy

  1. Navigate to znOPS > Policies.
  2. Click on the +Add Policy button on the bottom right of the screen.

Policy Set Up

  • Enter the Name and Description (see our Policy Name Recommendations).
  • Select the previously created Docker Integration and Target.
  • Select the “Twistlock” Scenario that was previously activated (see Twistlock - Activate Scenario).
  • Depending on your use case, follow either the steps for Orchestrated Scans or Data Loads.

Policy Options

Suggested reading: ZN’s Supported Execution Modes, Twistlock - ZN’s Supported Execution Modes & Supported Versions of Tool

Orchestrated Scans

In general, the “Orchestrated Scans” option will result in ZeroNorth creating a configured item in the security tool instance and then extracting results from the security tool.

  • By default, the “Policy Type” in the “Scenario” section of the Policy set up is set to “Orchestrated Scan”. If it is not, select “Orchestrated Scan” for “Policy Type” in the “Scenario” section of the Policy set up.

Data Loads

In general, the “Data Load” option will result in ZeroNorth selecting a specific set of point-in-time scan results from a security tool instance. Additionally, ZN will need an identifier for that set of point-in-time scan results.

  • In the “Scenario” section of the Policy set up, select your Twistlock Scenario.
  • For “Policy Type”, select “Data Load”.
  • A section for “Twistlock Policy Parameters” will appear.
    • Input the Twistlock image name in the text field.
      • You can obtain the image name in the Twistlock UI. Under “Monitor”, click on “Vulnerabilities” > “Images” tab > click on “Repository” in the row of the desired results. Copy the value for “Image”. The image name is a combination of repository and tags.