1. Overview

Twistlock lets you import and export rules from one Console to another. Every rule created in Twistlock under the Defend section has copy and export buttons in the Actions menu. An import button is located at the bottom of every rule table.

2. Copying rules

To copy a rule:

Procedure

  1. Go to Defend > Runtime > {Vulnerabilities | Compliance | Access}.

  2. Click Actions > Copy for the rule you want to copy.

    A dialog box named Edit copy of…. opens.

  3. Make any desired changes to the copied rule.

  4. Click Save.

3. Exporting rules

Click Actions > Export next to any rule to export it in json format.

Example

{
  "name": "Default - ignore Twistlock components",
  "owner": "system",
  "modified": "2017-05-31T20:47:21.573Z",
  "effect": "alert",
  "resources": {
    "hosts": [
      "*"
    ],
    "images": [
      "docker.io/twistlock/private:console*"
    ],
    "labels": [
      "*"
    ],
    "containers": [
      "twistlock_console"
    ],
    "services": []
  },
  "advancedProtection": true,
  "processes": {
    "blacklist": [],
    "whitelist": [],
    "enforceProfile": true
  },
  "syscalls": {
    "appRules": [],
    "enforceProfile": true
  },
  "network": {
    "blacklistIPs": [],
    "blacklistListeningPorts": [],
    "whitelistListeningPorts": [],
    "blacklistOutboundPorts": [],
    "whitelistOutboundPorts": [],
    "whitelistIPs": [],
    "enforceProfile": true
  },
  "filesystem": {
    "checkNewFiles": false,
    "blacklist": [],
    "whitelist": [],
    "enforceProfile": true
  },
  "alertProfiles": [],
  "policyType": "runtime",
  "exportTime": "06_09_17_15_53_48",
  "exportBy": "admin"
}

4. Importing rules

A rule can be imported into Console in JSON format. To capture a rule in JSON format, use the export function described above.