Commit 474d909

Workload Protection: Pin a Datadog-managed policy (#32299)
* Workload Protection: Pin a Datadog-managed policy

  DOCS-12244 - Adding section for the policy pinning feature

* fixing Vale complains

* Update content/en/security/workload_protection/workload_security_rules/custom_rules.md

  Co-authored-by: DeForest Richards <[email protected]>

---------

Co-authored-by: DeForest Richards <[email protected]>
1 parent da7412c commit 474d909

1 file changed

+18
-1
lines changed
content/en/security/workload_protection/workload_security_rules/custom_rules.md

Lines changed: 18 additions & 1 deletion
@@ -38,7 +38,23 @@ You can create and deploy different custom policies containing rules you want to
3838
7. Add tags to the policy to target specific infrastructure.
3939
8. To deploy the policy, toggle the switch next to **Policy is disabled** and confirm.
4040

41-
### Conflicting Rules
41+
### Pin a Datadog-managed policy to its current version
42+
43+
<div class="alert alert-info">Policy pinning is supported in Agent version 7.71.0 and later. Previous Agents will continue to receive the latest policy updates automatically.</div>
44+
45+
When Datadog-managed policies are updated by Datadog, they are automatically deployed to your infrastructure.
46+
47+
To control when a new policy version is deployed to your infrastructure, you can pin the policy to its current version. Pinning a policy version prevents policy updates from being automatically rolled out when Datadog releases a new policy version.
48+
49+
To pin a policy, do the following:
50+
51+
1. Go to [Policies][3].
52+
2. Click a Datadog-managed policy.
53+
3. In **Version**, click the pin option.
54+
If your infrastructure is running Agents below version 7.71.0, an outdated agents warning appears. View and upgrade your Agent version in [Fleet Automation][19].
55+
4. Click **Pin**. To unpin the policy version, click the pin option again.
56+
57+
### Conflicting rules
4258

4359
When two policies deployed to the same host contain the same rule with a different status, the most severe aciton will be taken (Blocking > Monitoring > Disabled).
4460

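Review bot: The new section never states the cost of pinning. After the paragraph at new line 47 ("Pinning a policy version prevents policy updates from being automatically rolled out when Datadog releases a new policy version"), add a sentence saying that a pinned policy stays at its current version, so rule changes in later Datadog releases do not reach the pinned hosts until the policy is unpinned. Two smaller points: the outdated-Agents note at new line 54 sits between steps 3 and 4, so if it is not indented under step 3 in the source file the numbered list is interrupted there; and the unchanged line 60 directly under the renamed heading still reads "aciton", which could be corrected to "action" in the same change.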
@@ -238,3 +254,4 @@ You can also disable a rule by setting the **Then...** section of a rule to **Do
238254
[16]: /security/workload_protection/agent_expressions/
239255
[17]: #prioritize-policies
240256
[18]: #apply-tags
257+
[19]: https://app.datadoghq.com/fleet
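Review bot: Reference [19] at new line 257 is the only absolute URL in this block; [16], [17] and [18] are a site-relative path and in-page anchors. Please confirm that a hardcoded `app.datadoghq.com` host is what the rest of the file uses for in-app links, since a reader whose organization is on a different Datadog site would otherwise be sent to the wrong host when following the "upgrade your Agent version" instruction in step 3.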
