How to create rules using DOM files ?
How to create rules using DOM files ?
Let us create an NGL query to list GitHub repositories that are disabled.
-
We need to write a NGL query on Github, hence the app suite will be GitHub.
-
Identify the resource type to be used based on the GitHub DOM file.
-
Since the NGL is checking for the status of the repository, the Repository resource type will be the Primary Resource Type to use here.
-
We need to choose an expression for the rule. Here we are trying to match a condition hence we will use a should-have expression. See Expressions article for more information.
-
Check the Repository resource type and pick a property that is appropriate for the requirement. In this case, we have to use the is_disabled boolean property as it stores the status of the repository.
-
Since we are checking for repositories that are not disabled the condition will be “is-disabled=false“.
-
Navigate to API-enabled Protection > Security Posture SaaS > Inventory menu and go to Resources tab. Click the Switch to NGL icon on the right side of the filters toolbar. This will open the NGL query tool which we can use to try the NGL queries.
-
Write the query as GitHub Repository should-have is_disabled = false. While writing the query, the NGL tool also indicates you with the possible options to write a rule.
-
Click search.
-
You will see a list of github repositories which are not disabled. When converted to a rule, this will fail when the repositories have the condition “is-disabled=true”.