Add a Tagged Object to a Policy
Use the procedure below to add a tagged resource to your policy:
Before you begin
You must have the following in place before you continue with this procedure:
- An onboarded cloud service provider with asset discovery enabled. See Enable Asset Discovery and Inventory for more information.
- At least one VPC or VNet compatible with the cloud service provider that is already onboarded.
- At least one object. See Inventory for more information.
- At least one tagged object resource. See How to Tag Object Resources for more information.
Note this procedure does not support OCI cloud service providers.
Procedure
Step 1 | In the Security Cloud Control platform menu, choose . |
Step 2 | Navigate to . |
Step 3 | Check the box of an existing Src/Dest policy from the table or click Create to create a new policy and select Src/Dest as the policy type. |
Step 4 | Enter a unique Name. Note that the name cannot contain any spaces. |
Step 5 | (Optional) Enter a Description for the policy. This can be helpful to differentiate between other policies that might have a similar naming convention. |
Step 6 | Expand the Type drop-down menu and select User Defined Tag. |
Step 7 | Expand the CSP drop-down menu and select a cloud service provider that is already onboarded to your tenant. |
Step 8 | Expand the Region drop-down menu and select the region associated with the cloud service provider. |
Step 9 | Expand the VPC drop-down menu and select the VPC or VNet you want associated with the policy. |
Step 10 | Expand the Subnet drop-down menu and select the subnet you want assigned to the policy. |
Step 11 | (Azure only) Expand the Resource Group drop-down menu and select the group you want associated with the policy. |
Step 12 | The Resource Level refers to the granularity at which security rules can be applied to control traffic between source and destination resources. Resource-level policies enable administrators to define security rules for specific resources, such as virtual machines, subnets, or specific IP addresses, rather than applying broad rules across network segments. Expand the Resource Level drop-down menu and select one of the following options:
|
Step 13 | Expand the Resource Tag drop-down menu and select the name of the tag you want to apply. This tag references all the object resources you added to it. |
Step 14 | Expand the Value drop-down menu and select the autopopulated options that are available. These options are tied directly to the resource tag itself and cannot be used interchangeably across other tags unless specifically configured that way. |
Step 15 | Confirm the matching expression at the very bottom of the window. If this is correct, click Save to save and apply the policy to your cloud service provider. Alternatively, click Cancel to delete the temporary configuration and not deploy. |