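An exception policy is an object that lets the user specify posture tests that should behave differently from the default behavior.
More details and examples can be found here. In the examples below, `resources` selects the workloads an exception covers and `posturePolicies` selects the framework, control or rule it covers; an entry with fewer attributes (for example, only `cluster` and `namespace`) appears to match more broadly, so keep each exception as narrow as the case requires.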
{
"policyType": "postureExceptionPolicy",
"name": "post111",
"guid": "",
"actions": [
"alertOnly",
"disable"
],
"resources": [
{
"designatorType": "attribute",
"wlid": "wlid",
"attributes": {
"cluster": "val1",
"namespace": "val2",
"kind": "pod"
}
},
{
"designatorType": "attribute",
"wlid": "wlid",
"attributes": {
"cluster": "val1",
"namespace": "val2",
"kind": "deployment",
"name": "nginx-fe"
}
}
],
"posturePolicies": [
{ // attributes of the posture policies this exception applies to
"frameworkName": "NSA",
"controlName": "",
"ruleName": "aaaa"
},
{
"frameworkName": "MITRE",
"controlName": "",
"ruleName": "aaaa"
}
]
}
{
"policyType": "postureExceptionPolicy",
"name": "post111",
"guid": "fsdfsdfs-dfgdfg-452354365-nvbjgf-34235",
"actions": [
"alertOnly"
],
"resources": [
{
"designatorType": "attribute",
"attributes": {
"cluster": "cluster1",
"namespace": "namespace2",
"kind": "pod",
"name": "my-pod"
}
}
],
"posturePolicies": [
{
"frameworkName": "MITRE",
"controlName": "Privileged container"
}
]
}
{
"policyType": "postureExceptionPolicy",
"name": "post111",
"guid": "fsdfsdfs-dfgdfg-452354365-nvbjgf-34235",
"actions": [
"alertOnly"
],
"resources": [
{
"designatorType": "attribute",
"attributes": {
"cluster": "cluster1",
"namespace": "namespace2"
}
}
],
"posturePolicies": [
{
"frameworkName": "MITRE",
"controlName": "Privileged container"
}
]
}