Updated on 2024-03-28 GMT+08:00

Deploying a Protection Policy

You can quickly configure and start server scans by using policy groups. Simply create a group, add policies to it, and apply this group to servers. The agents deployed on your servers will scan everything specified in the policies.


When the professional, enterprise, premium, WTP, or container edition is enabled, the protection policy group of the corresponding edition is deployed by default and applies to servers. You do not need to manually deploy policies. For premium and container editions, you can copy a policy group and customize it as required. To flexibly manage server protection policies, you can replace the default policy group with a custom policy group.

Creating a Policy Group

  1. Log in to the management console.
  2. In the upper left corner of the page, select a region, click , and choose Security & Compliance > HSS.
  1. In the navigation tree on the left, choose Security Operations > Policies

    If your servers are managed by enterprise projects, you can select an enterprise project to view or operate the asset and scan information.

  2. Copy a policy group.

    Currently, only policies of premium and container editions can be copied.

    • Select the tenant_linux_premium_default_policy_group policy group. Locate the row that this policy group resides, click Copy in the Operation column.
      Figure 1 Copying a Linux policy group
    • Select the tenant_windows_premium_default_policy_group policy group. Click Copy in the Operation column.
      Figure 2 Copying a Windows policy group

  3. In the dialog box displayed, enter a policy group name and description, and click OK.

    • The name of a policy group must be unique, or the group will fail to be created.
    • The policy group name and its description can contain only letters, digits, underscores (_), hyphens (-), and spaces, and cannot start or end with a space.

  4. Click OK.
  5. Click the name of the policy group you just created. The policies in the group will be displayed.
  6. Click a policy name and modify its settings as required. For details, see Configuring Policies.
  7. Enable or disable the policy by clicking the corresponding button in the Operation column. You can click to refresh the page.

Applying a Policy Group

  1. Log in to the management console and go to the HSS page.
  1. In the navigation pane, choose Asset Management > Servers & Quota and click Servers.
  2. Select one or more servers for which you want to deploy a policy, and click More > Apply Policy.

    After protection is enabled for a server, the protection policy of the corresponding protection edition is deployed by default. For servers that use the premium and container editions, you can create and deploy different protection policies.

    Figure 3 Applying a policy

  3. In the dialog box that is displayed, select a policy group and click OK.

    • Old policies applied to a server will become invalid if you apply new policies to the server.
    • Policies are applied to the servers within 1 minute.
    • Policies applied to offline servers will not take effect until the servers are online.
    • In a deployed policy group, you can enable, disable, or modify policies.
    • A policy group that has been deployed cannot be deleted.