Release Notes

Product Introduction

Overview

Strengths

Use Cases

Features and Versions

Purchase Guide

Applying for Trial

Purchasing Pro Edition

Purchasing Image Scan

Purchasing Log Analysis

Getting Started

Operation Guide

Security Overview

Asset Management

Vulnerability Detection

Image Risk Management

Cluster Risk Management

Baseline Management

Runtime Security

Advanced Defense

Policy Management

Protection Switch

Alarm Settings

Log Analysis

Hybrid Cloud Installation Guide

Compromised Container Isolation

Log Field Data Parsing

Practical Tutorial

Mirror Vulnerability Scanning and Vulnerability Management

Troubleshooting

Offline Linux Client

Troubleshooting for Cluster Access

API Documentation

History

Introduction

API Category

Making API Requests

Network Security APIs

Cluster Security APIs

Security Compliance APIs

Runtime security - High-risk syscalls

Runtime Security - Reverse Shell APIs

Runtime Security APIs

Alert Settings APIs

Advanced prevention - K8s API abnormal requests

Asset Management APIs

Security Operations - Log Analysis APIs

Runtime Security - Trojan Call APIs

Runtime Security - Container Escape APIs

Image Security APIs

Billing APIs

Data Types

Error Codes

FAQs

TCSS Policy

Data Processing And Security Agreement

Glossary

Allowlist Management

PDF

Focus Mode

Font Size

Last updated: 2024-01-23 15:44:44

The allowlist policies module displays the option to configure the allowlist and the configured allowlist.
Filtering and Refreshing Allowed Images
1. Log in to the TCSS console and click Advanced Prevention > High-risk Syscalls > Allowlist policies on the left sidebar.
2. On the Allowlist policies tab, click the search box and search the configured allowlist by process path or syscall name.
﻿
﻿
3. On the Allowlist policies tab, click 
﻿
 on the right of the Operation column to refresh the allowlist.
Adding an Allowlist Policy
1. Log in to the TCSS console and click Advanced Prevention > High-risk Syscalls > Allowlist policies on the left sidebar.
2. On the Allowlist policies tab, click Add allowlist policy.
﻿
﻿
3. On the Add allowlist policy page, configure the target process path, syscall name, and scope.
Click 
﻿
 on the left of the Process path and Syscall name, enter the process path, and select the syscall name.
Note: 
 The process path is required.
﻿
The scope of the allowlist is All images or Specified images. Click 
﻿
 or 
﻿
 to select or delete the target specified image.
Note: 
 You can press Shift to select multiple ones.
﻿

4. After selecting the target content, click OK or Cancel.
Editing the Allowlist
1. Log in to the TCSS console and click Advanced Prevention > High-risk Syscalls > Allowlist policies on the left sidebar.
2. On the Allowlist policies tab, click Edit on the right.
﻿
﻿
3. On the Edit allowlist page, modify the target process path, syscall name, and scope.
﻿
﻿
4. After selecting the target content, click OK or Cancel.
Deleting the Allowlist
1. Log in to the TCSS console and click Advanced Prevention > High-risk Syscalls > Allowlist policies on the left sidebar.
2. On the Allowlist policies tab, click Delete on the right.
﻿
﻿
3. In the pop-up window, click Delete or Cancel.
Note: 
 The allowlist cannot be recovered once deleted, and alerts will be generated when images associated with the allowlist trigger the preset policy.
Custom List Management
1. Log in to the TCSS console and click Advanced Prevention > High-risk Syscalls > Allowlist policies on the left sidebar.
2. On the Allowlist policies tab, click 
﻿
 to pop up the Custom List Management window.
3. In the pop-up window, select the target type and click OK.
﻿
﻿
Key fields in the list
1. Images: Images for which the allowlist takes effect.
2. Process path: Process path for which the allowlist takes effect.
3. Syscall name: Syscall name for which the allowlist takes effect.
4. Operation: Editing or deleting the allowlist.