Home | CRS Home

Create runtime policies

You’ll create and update policies using the Container Runtime Security API. Once saved, your policies will appear in the Container Security UI. Please refer to the Qualys Container Runtime Security API Guide for complete details on API endpoints, input parameters and API samples.

When constructing a policy, consider the following options.

Write a policy from scratch

You can configure the instrumentation to get behavior logs only, view details for the container spun up from the image and then write a policy based on the behaviors you’re seeing.

You’ll use this API endpoint to build a policy from scratch:

/csapi/v1.2/runtime/policies

Auto-generate a policy based on a container's behavior

This option allows you to auto-generate a policy based on what's been observed for your instrumented container.

You'll use this API endpoint to build a policy based on a container’s behavior:

/csapi/v1.2/runtime/containers/{containerSha}/template