Advanced Acceptance Rules for Risks

How to setup an advanced acceptance rule for risks

1. 01

   Choose a risk to start crafting a rule

   Visit the risks page and click the Accept Risk button.

   

   
2. 02

   Accept risk, or expand editor

   With the accept risk rule editor, you have a choice to make:

   1. Accept the current risk and target pair.
   2. Expand the editor to create an advanced rule.

   If you're fine with choice one, hit the Accept button. If you would like to do something more advanced expand the Advanced Rule Editor section.

   
3. 03

   Understanding the acceptance conditions

   The code editor allows crafting any arbitrary query to match against your total set of risks. The query is structured in a JSON format. The query is composed of Mongoose like operators, formatted similarly to a mongoose query.

   Try these three steps to familarize yourself

   1. Click on the matched risk in the left hand pane to expand it and view the various properties you can match against.
   2. Click on one of properties in the value of one of the properties, like MEDIUM for the threat level. This will be automatically added the property and value as a condition in the editor.
   3. Modify the query in the editor to use an operation, in this case we have added the $in operator and chosen two values

   
4. 04

   Craft a risk acceptance rule

   With advanced rule editor open you will see a couple of options:

   1. On the top row Edit buttons appear next to the risk and target
   2. On the left side of the pane, a code editor is populated with the specific risk definition and target ids corresponding to the current risk and target selected.
   3. On the right side of the pane, a list of risks that match the criteria in the editor pane is shown.

   The edit buttons along the top row help to quickly change the risk selected, and the targets selected. Try using these buttons, and see how the code in the editor changes, along with the Matched Risks list.

   
5. 05

   Operators for acceptance rules

   The operators roughly match what is available for MongoDB queries

   The following operators are available to use for writing a query to match risks for acceptances:

   Operator	Type	Description
   $all	array	requires all values in the array to be values in the property as well. Used on properties that are also an array. { "$all": ["prod", "webserver"] }
   $and	array	requires an array of expressions to all be true
   $elemMatch	object	takes an expression and checks that an element on the property matches the expression. I.e. { "$elemMatch": { "port": } }
   $eq	any	the property matched equals the value in the query
   $exists	boolean	the property checked needs to exist if "true", otherwise reject values that do not exist using "false"
   $gt	number or string	the property checked needs to be greater than the value in the query
   $gte	number or string	the property checked needs to be greater than or equal to the value in the query
   $in	array	the property matched needs to be one of the values $in the array for the query
   $lt	number or string	the property checked needs to be less than the value in the query
   $lte	number or string	the property checked needs to be less than or equal to the value in the query
   $mod	array	the modulus of the property is equal to the value. I.e. [4, 0] means "the property modulus 4 equals 0"
   $ne	any	the property matched does not equal the value in the query
   $nin	array	opposite of $in, the property matched must not be one of the values in the array for the query.
   $nor	array	opposite of OR: { $nor: [{ _id: "12345" }, { _id: "67890" }] }
   $not	object	Not a given expression. I.e. { "$not": { "$size": 3 } }
   $or	array	OR array of expressions
   $size	number	the property array matches the length specified in the value in the query
   $regex	string or regular expression	the property matches the given regular expression