Managing threat detection policies and rules

A policy is a combination of rules about the activities that the enterprise wants to detect in an environment. The policy includes the actions that can be taken if a policy rule is breached and, potentially, the notifications that are sent. A number of default policies are available that can be used as-is, duplicated, or edited as needed. You can also create policies from scratch, either by using predefined rules or by creating custom rules.

IBM Cloud Security and Compliance Center Workload Protection implements Sysdig Secure functionality. Information that is provided by the Sysdig Secure documentation applies to Workload Protection as well.

For more information, see Threat detection policies and rules.