View violation details

View and triage policy violations.

When you select a violation in the Violations view, the Violation Details panel opens on the right. The panel shows detailed information grouped into multiple tabs.

Violation Tab

The Violation tab of the Violation Details panel explains how the policy was violated. If the policy targets deploy-phase attributes, you can view the specific values that violated the policies, such as violation names. If the policy targets runtime activity, you can view detailed information about the process that violated the policy, including its arguments and the ancestor processes that created it.

Violation details

Comments and tags

You can use Tags and Comments to specify what’s happening with violations to keep your team up to date.

  • You need the StackRox Kubernetes Security Platform version 3.0.42 or newer to add and view Tags and Comments. To upgrade from an older version, see the Upgrade StackRox section.

  • You can edit and delete your own comments.

  • To delete comments from other users, you need a role with write permission for the AllComments resource.

  • To add and remove comments or tags, you need a role with write permission for the resource you are modifying. For example, to add comments on violations, your role must have write permission for the Alert resource.

    See Manage role-based access control to learn more about roles and permissions.

Comments

Comments allow you to add text notes to violations, so that everyone in the team can check what’s happening with a violation.

To add a new comment:

  1. Select New in the Violation Comments section header.
  2. Enter your comment in the comment editor. You can also add links in the comment editor. Links open in a new tab when someone clicks them in a comment.
  3. Select Save.

All comments are visible under the Violation Comments section, and you can edit or delete a comment by selecting the Edit or Delete icon for that comment.

Tags

You can use custom Tags to categorize your violations. Then you can filter the Violations view to show violations for selected tags (Tag attribute). See the Use local page filtering topic for more information about filtering.

To add tags:

  1. Select the drop-down in the Violation Tags section. Existing tags appear as a list (up to 10).
  2. Select an existing tag or enter a new tag and press Enter. As you enter your query, the StackRox Kubernetes Security Platform automatically displays relevant suggestions for the matching existing tags.

You can add more than one tag to a violation. All tags are visible under the Violation Tags section, and you can remove a tag by selecting the Remove icon (✕) for that tag.

Enforcement Tab

The Enforcement tab of the Details panel displays an explanation of the type of enforcement action that was taken in response to the selected policy violation.

Violation enforcement tab

Deployment Tab

The Deployment tab of the Details panel displays details of the deployment to which the violation applies.

Violation deployment tab

Overview

  • Deployment ID - alphanumeric identifier for the deployment
  • Updated - when the deployment was updated
  • Cluster - name of the cluster where the container is deployed
  • Namespace - unique identifier for the deployed cluster
  • Deployment Type - the type of the deployment
  • Replicas - the number of replicated deployments
  • Labels - key-value string that’s metadata for further identifying and organizing images, containers, daemons, volumes, networks, and other resources
  • Annotations - used to attach arbitrary non-identifying metadata to objects that, unlike labels, aren’t used to identify and select objects
  • Service Account - represents an identity for processes that run in a pod. When a process is authenticated through a service account, it can contact the API server and access cluster resources. If a pod doesn’t have an assigned service account, it gets the default service account

Container Configuration

  • Image Name - name of the set of text instructions within a container
  • Resources
    • CPU Request (cores) - number of cores requested by the container
    • Memory Request (MB) - memory size requested by the container
  • Mounts
    • Name - name of the location where the service will be mounted
    • Source - where the data to be stored in the volume is coming from
    • Destination - where the data stored in the volume is to be sent
    • Type - the type of mount
  • Secrets - objects that are used to store sensitive information

Security Context

  • Privileged -
    • if true, it’s privileged
    • if false, it’s not privileged

Policy Tab

The Policy tab of the Details panel displays the policy definition details.

Violation policy tab

Policy

  • Id - a numerical identifier for the policy
  • Name - the name of the policy
  • Severity - indication of level of risk: Critical, High, Medium, Low
  • Description - a detailed explanation of what the policy alert is
  • Categories - a listing of the various categories this policy falls under
  • Rationale - explains the reasoning behind the establishment of the policy and why it matters
  • Remediation - suggestions on how to fix the issue
  • Enabled - is the policy enabled (yes, no)
  • Enforcement Action - one of the three kinds of actions (None, Scale to Zero Replicas, Add an Unsatisfiable Node Constraint)
  • Excluded Deployments - deployments that might trigger policy violations but have been allowed to pass without generating alerts

Policy Configuration

  • Privileged -
    • if true, it’s privileged
    • if false, it’s not privileged

Policies

To configure a custom policy, go to Platform Configuration > System Policies, and clone an existing policy or create a new one.

See Manage network policies for more details.

© 2021 StackRox Inc. All rights reserved.