Responding to Violations

Alauda Security Service helps you view, investigate, and address policy violations.

Its built-in policies detect vulnerabilities, configuration issues, risky build or deploy actions, and suspicious runtime behaviors. Violations are reported when enabled policies are not met.

Violation Views

The main entry point is Violations.

In the current UI, violations are grouped into these top-level views:

  • User Workloads
  • Platform
  • All Violations

Within each view, you can switch between these violation states:

  • Active
  • Resolved
  • Attempted

Use these tabs to separate current problems from historical and blocked events.

Platform Workload Classification

Which violations are classified as Platform depends on the platform component definition configured in Platform Configuration > System Configuration.

Interpret platform-related violations against the current platform component configuration rather than relying only on hard-coded namespace assumptions, because the exact platform namespace patterns can vary by environment.

Viewing Violations

  1. In the portal, click Violations.
  2. Choose the appropriate top-level view:
    • User Workloads
    • Platform
    • All Violations
  3. Choose a state tab:
    • Active
    • Resolved
    • Attempted
  4. Filter, sort, and review the results as needed.

When matching data exists, the page also shows the current result count above the table for the selected view and state.

The current results table includes fields such as:

  • Policy
  • Entity
  • Type
  • Enforced
  • Severity
  • Categories
  • Lifecycle
  • Time
  • Row actions

Investigating a Violation

Selecting a violation opens a details panel for further investigation.

Typical information includes:

  • the violated policy
  • the affected workload or platform component
  • whether enforcement was active
  • severity and category
  • lifecycle stage
  • deployment-specific details, when applicable
  • policy details and policy behavior

Depending on the violation type, the details area can also include deployment, container, network, or runtime context.

Working with Policy Actions

From the violations workflow, you can review the policy that triggered the finding and take follow-up actions such as:

  • investigating the affected resource
  • updating the relevant workload or image
  • adjusting policy scope where appropriate
  • excluding deployments from a policy when supported by available actions

Enforcement Context

Violations are shaped by the enforcement mode configured on the related policy.

Common enforcement behavior includes:

  • Build: policy checks fail CI or image validation steps
  • Deploy: admission enforcement blocks or edits noncompliant deployments
  • Runtime: runtime responses apply when matching activity occurs

For existing deployments, reassessment can be triggered from Policy Management using Reassess all.