Applying a Policy

Precautions

• When you enable the enterprise edition, the policy group of this edition (including weak password and website shell detection policies) takes effect for all your servers by default.
• When you enable the premium edition you separately purchased or included with the WTP edition, the policy group of this edition takes effect by default.

  To create your own policy group, you can copy the policy group of premium edition and add or remove policies in the copy.

Creating a Policy Group

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
   Figure 1 Accessing HSS
   

3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.
   

   • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
   • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

4. In the navigation tree on the left, choose Security Operations > Policies
   

   If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

5. Copy a policy group.
   • Select the tenant_linux_premium_default_policy_group policy group. Locate the row that this policy group resides, click Copy in the Operation column.
     Figure 2 Copying a Linux policy group
     
   • Select the tenant_windows_premium_default_policy_group policy group. Click Copy in the Operation column.
     Figure 3 Copying a Windows policy group
     

6. In the dialog box displayed, enter a policy group name and description, and click OK.
   

   • The name of a policy group must be unique, or the group will fail to be created.
   • The policy group name and its description can contain only letters, digits, underscores (_), hyphens (-), and spaces, and cannot start or end with a space.
   Figure 4 Creating a policy group
   

7. Click OK.
8. Click the name of the policy group you just created. The policies in the group will be displayed.
   Figure 5 Policies in a group
   

9. Click a policy name and modify its settings as required. For details, see Modifying a Policy.
10. Enable or disable the policy by clicking the corresponding button in the Operation column. You can click to refresh the page.

Applying a Policy Group

1. Log in to the management console.
2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > Host Security Service.
   Figure 6 Accessing HSS
   

3. In the displayed dialog box, click Try the new edition to switch to the HSS (New) console.
   

   • Currently, HSS is available in the following regions: CN South-Guangzhou, CN-Hong Kong, AP-Bangkok, and AP-Singapore.
   • On the HSS (New) console, you can click Back to Old Console in the upper left corner to switch to the HSS (Old) console.

4. In the navigation pane, choose Asset Management > Servers & Quota and click Server.
5. On the Devices page, select one or more target hosts and click Apply Policy.
   Figure 7 Applying a policy
   

6. In the dialog box that is displayed, select a policy group and click OK.
   Figure 8 Selecting a policy group
   
   

   • Old policies applied to a server will become invalid if you apply new policies to the server.
   • Policies are applied to the servers within 1 minute.
   • Policies applied to offline servers will not take effect until the servers are online.
   • In a deployed policy group, you can enable, disable, or modify policies.
   • A policy group that has been deployed cannot be deleted.