From 9c57d6ebc988520bce75599ab19ee1848b03caf3 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Mon, 23 Jun 2025 08:10:14 -0600 Subject: [PATCH 1/6] feat: Secure your fleet, NGINX One This commit adds a new landing page archetype, which has the ability to display various cards to highlight specific items. The archetype includes inline guidance like other archetypes, including explanations of new frontmatter parameters and a new card shortcode. --------- Co-authored-by: Mike Jang <3287976+mjang@users.noreply.github.com> Co-authored-by: Alan Dooley Co-authored-by: Alan Dooley --- .../how-to/generate-data-plane-key.md | 21 +++ .../nginx-one/how-to/install-nginx-agent.md | 42 ++++++ content/nginx-one/_index.md | 7 + content/nginx-one/secure-your-fleet/_index.md | 6 + content/nginx-one/secure-your-fleet/secure.md | 131 ++++++++++++++++++ 5 files changed, 207 insertions(+) create mode 100644 content/includes/nginx-one/how-to/generate-data-plane-key.md create mode 100644 content/includes/nginx-one/how-to/install-nginx-agent.md create mode 100644 content/nginx-one/secure-your-fleet/_index.md create mode 100644 content/nginx-one/secure-your-fleet/secure.md diff --git a/content/includes/nginx-one/how-to/generate-data-plane-key.md b/content/includes/nginx-one/how-to/generate-data-plane-key.md new file mode 100644 index 000000000..3e69bedae --- /dev/null +++ b/content/includes/nginx-one/how-to/generate-data-plane-key.md @@ -0,0 +1,21 @@ +--- +docs: +files: + - content/nginx-one/secure-your-fleet/secure.md + - content/nginx-one/getting-started.md +--- + +A data plane key is a security token that ensures only trusted NGINX instances can register and communicate with NGINX One. + +To generate a data plane key: + +- **For a new key:** In the **Add Instance** pane, select **Generate Data Plane Key**. +- **To reuse an existing key:** If you already have a data plane key and want to use it again, select **Use existing key**. Then, enter the key's value in the **Data Plane Key** box. + +{{}} +Data plane keys are displayed only once and cannot be retrieved later. Be sure to copy and store this key securely. + +Data plane keys expire after one year. You can change this expiration date later by [editing the key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#change-expiration-date" >}}). + +If you [Revoke a data plane key]({{< ref "nginx-one/connect-instances/create-manage-data-plane-keys.md#revoke-data-plane-key" >}}) you disconnect all instances registered with that key. +{{}} diff --git a/content/includes/nginx-one/how-to/install-nginx-agent.md b/content/includes/nginx-one/how-to/install-nginx-agent.md new file mode 100644 index 000000000..bccedc67a --- /dev/null +++ b/content/includes/nginx-one/how-to/install-nginx-agent.md @@ -0,0 +1,42 @@ +--- +docs: +files: + - content/nginx-one/secure-your-fleet/secure.md + - content/nginx-one/getting-started.md +--- + +After entering your data plane key, you'll see a `curl` command similar to the one below. Copy and run this command on each NGINX instance to install NGINX Agent. Once installed, NGINX Agent typically registers with NGINX One within a few seconds. + +{{}} +NGINX Agent must be able to establish a connection to NGINX One Console's Agent endpoint (`agent.connect.nginx.com`). Ensure that any firewall rules you have in place for your NGINX hosts allows network traffic to port `443` for all of the following IPs: + +- `3.135.72.139` +- `3.133.232.50` +- `52.14.85.249` +{{}} + +To install NGINX Agent on an NGINX instance: + +1. **Check if NGINX is running and start it if it's not:** + + First, see if NGINX is running: + + ```shell + sudo systemctl status nginx + ``` + + If the status isn't `Active`, go ahead and start NGINX: + + ```shell + sudo systemctl start nginx + ``` + +2. **Install NGINX Agent:** + + Next, use the `curl` command provided to you to install NGINX Agent: + + ``` shell + curl https://agent.connect.nginx.com/nginx-agent/install | DATA_PLANE_KEY="YOUR_DATA_PLANE_KEY" sh -s -- -y + ``` + + - Replace `YOUR_DATA_PLANE_KEY` with your actual data plane key. diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index 624af7c04..eb5203e13 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -46,6 +46,9 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an {{}} Assign responsibilities with role-based access control {{}} + {{}} + Configure alerts that match your security policies + {{}} {{}} Manage your NGINX fleet over REST {{}} @@ -111,4 +114,8 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs. {{}} {{}} +<<<<<<< HEAD {{}} +======= +{{}} +>>>>>>> 7152a0d7 (feat: Secure your fleet, NGINX One) diff --git a/content/nginx-one/secure-your-fleet/_index.md b/content/nginx-one/secure-your-fleet/_index.md new file mode 100644 index 000000000..d9fea82ff --- /dev/null +++ b/content/nginx-one/secure-your-fleet/_index.md @@ -0,0 +1,6 @@ +--- +title: Secure your fleet +description: +weight: 450 +url: /nginx-one/secure-your-fleet +--- diff --git a/content/nginx-one/secure-your-fleet/secure.md b/content/nginx-one/secure-your-fleet/secure.md new file mode 100644 index 000000000..02e5410a1 --- /dev/null +++ b/content/nginx-one/secure-your-fleet/secure.md @@ -0,0 +1,131 @@ +--- +title: "Set up security alerts" +weight: 500 +toc: true +nd-content-type: how-to +nd-product: NGINX One +--- + +With this page, you'll learn how to set up alerts in F5 Distributed Cloud. Once configured, you'll see the CVEs and insecure configurations associated with your NGINX fleet. These instructions are intended for those responsible for keeping their NGINX infrastructure and application traffic secure. It assumes you know how to: + +- Install Linux programs or run Docker containers + +By the end of this tutorial, you'll be able to: + +- Access the NGINX One Console in F5 Distributed Cloud +- Connect NGINX instances to the NGINX One Console +- Review Security Risks associated with your NGINX fleet +- Configure Alert Policies in F5 Distributed Cloud + +## Background + +NGINX One Console is a service to monitor and manage NGINX. It's a part of the F5 Distributed Cloud and is included with all NGINX and F5 Distributed Cloud subscriptions. While NGINX is built to be secure and stable, critical vulnerabilities can occasionally emerge – and misconfigurations may leave your applications or APIs exposed to attacks. + +## Before you begin + +If you already have accessed F5 Distributed Cloud and have NGINX instances available, you can skip these steps and start to connect instances to the NGINX One Console. + +### Confirm access to the F5 Distributed Cloud + +Confirm an F5 Distributed Cloud tenant has been provisioned for you. Log in to MyF5 and review your subscriptions. You should see within one of your subscriptions "Distributed Cloud". This could be in either an NGINX subscription or a Distributed Cloud. If the above does not appear in any of your subscriptions, reach out to either your F5 Account Team or Customer Success Manager. + +With access, you or someone in your organization should have an email from no-reply@cloud.f5.com asking you to update your password when the tenant was created. The account name referenced in the E-Mail in bold is the tenant name. + +Navigate to https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ to access F5 Distributed Cloud. If you have never logged in, select the **Forgot Password?** option in the log in screen. Alternatively, if someone within your organization has access, ask them to add you as a user within your tenant with a role providing permissions for NGINX One. + +### Confirm access to NGINX One Console in the F5 Distributed Cloud + +Once you've logged in with your password, you should be able to see and select the NGINX One tile. + +1. Select the **NGINX One** tile +1. Select **Visit Service** + +### Install an instance of NGINX + +Ensure you have an instance of [NGINX Open Source or NGINX Plus]({{< ref "/nginx/admin-guide/installing-nginx/" >}}) installed and available. This guide provides instructions for connecting an instance installed in a Linux environment (VM or bare metal hardware) where you have command line access. +Alternatively, we also have instructions for [Deploying NGINX and NGINX Plus with Docker]({{< ref "/nginx/admin-guide/installing-nginx/installing-nginx-docker.md" >}}) with NGINX and the NGINX Agent installed. That deployment can connect with environment variables. + +## Connect at least one NGINX instance to the NGINX One Console + +If you already have connected instances to the NGINX One Console, you can start to [Configure an active alert policy]({{< ref "/nginx-one/secure-your-fleet/secure.md#configure-an-active-alert-policy" >}}). +Otherwise, you need to generate a data plane key, add an instance, and install NGINX Agent. We assume this is the first time you are connecting an instance. + +### Add an instance + +{{< include "/nginx-one/how-to/add-instance.md" >}} + +### Generate a data plane key + +{{< include "/nginx-one/how-to/generate-data-plane-key.md" >}} + +### Install NGINX Agent + +{{< include "/nginx-one/how-to/install-nginx-agent.md" >}} + +You can also install NGINX Agent from our repositories and configure it manually. Alternatively you can use our official NGINX Docker images, pre-configured with NGINX Agent. + +## Configure an active alert policy + +The NGINX One Console monitors all connected NGINX instances for CVEs and insecure configurations. Using the F5 Distributed Cloud's Alert Policies you can receive alerts for these risks in a manner of your choosing; for the purposes of this guide we will show you how to configure E-Mail alerts. + +The F5 Distributed Cloud generates alerts from all its services including NGINX One. You can configure rules to send those alerts to a receiver of your choice. These instructions walk you through how to configure an email notification when we see new CVEs or detect security issues with your NGINX instances. + +This page describes basic steps to set up an email alert. For authoritative documentation, see +[Alerts - Email & SMS](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-email-sms). + +## Configure alerts to be sent to your email + +To configure security-related alerts, follow these steps: + +1. Navigate to the F5 Distributed Cloud Console at https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io. +1. Find **Audit Logs & Alerts** > **Alerts Management**. +1. Select **Add Alert Receiver**. +1. Configure the **Alert Receivers** + 1. Enter the name of your choice. + 1. (Optional) Specify a label and description. +1. Under **Receiver**, select Email and enter your email address. +1. Select **Save and Exit**. +1. Your Email receiver should now appear on the list of Alert Receivers. +1. Under the Actions column, select Verify Email. +1. Select **Send email** to confirm. +1. You should receive a verification code in the email provided. Copy that code. +1. Under the Actions column, select **Enter verification code**. +1. Paste the code and select **Verify receiver**. + +## Configure Alert Policy + +Next, configure the policy that identifies when you'll get an alert. + +1. Navigate to **Alerts Management > Alert Policies**. +1. Select **Add Alert Policy**. + 1. Enter the name of your choice. + 1. (Optional) Specify a label and description. +1. Under Alert Reciever Configuration > Alert Receivers, select the Alert Receiver you just created. +1. Under Policy Rules select Configure. +1. Select Add Item. +1. Under Select Alerts (TBD). +1. Set the Action as Send and select Apply. + +Now set a second alert related to Common Vulnerabilities and Exposures (CVEs). + +1. Select Add Item +1. Under Select Alerts {adding additional Alert type for CVE) +1. Set the Action as Send and select Apply +1. Select **Save and Exit** + +You've now set up F5 Distributed Cloud to send you security-related alerts from NGINX One Console. + +## Summary + +In this tutorial, you learned how to: + +- Access the NGINX One Console +- Connect an NGINX instance +- Configure an Alert + +You will now receive an email any time the NGINX One Console recognizes one of your connected instances has a configuration that is insecure or an NGINX CVE impacts it. + +## Next steps + +Now that you have NGINX instances connected to the Console, consider reviewing our [use cases]({{< ref "/nginx-one/" >}}) to see how you can easily manage your NGINX instances, draft new configurations, and more. +Additionally, you can review how to add additional Alert Receivers such as [SMS](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-email-sms), [Slack](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-slack), [PagerDuty](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-pagerduty), or with a [webhook](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-webhook). From a026ee31016bef1c10e95e1b185cf7cb057ce797 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Thu, 10 Jul 2025 06:01:08 -0700 Subject: [PATCH 2/6] Updates for reporting --- content/nginx-one/secure-your-fleet/secure.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/nginx-one/secure-your-fleet/secure.md b/content/nginx-one/secure-your-fleet/secure.md index 02e5410a1..95f53be17 100644 --- a/content/nginx-one/secure-your-fleet/secure.md +++ b/content/nginx-one/secure-your-fleet/secure.md @@ -78,13 +78,13 @@ This page describes basic steps to set up an email alert. For authoritative docu To configure security-related alerts, follow these steps: 1. Navigate to the F5 Distributed Cloud Console at https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io. -1. Find **Audit Logs & Alerts** > **Alerts Management**. -1. Select **Add Alert Receiver**. +1. Select **Audit Logs & Alerts** +1. Select **Manage > Alert Receiver** 1. Configure the **Alert Receivers** 1. Enter the name of your choice. 1. (Optional) Specify a label and description. 1. Under **Receiver**, select Email and enter your email address. -1. Select **Save and Exit**. +1. Select **Add Alert Receiver** 1. Your Email receiver should now appear on the list of Alert Receivers. 1. Under the Actions column, select Verify Email. 1. Select **Send email** to confirm. From 330f45508961690930e1dcfb6bd4919cbf7ce0c8 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Thu, 10 Jul 2025 07:54:49 -0700 Subject: [PATCH 3/6] update index.md --- content/nginx-one/_index.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index eb5203e13..1f212df61 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -114,8 +114,4 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an Defend, adapt, and mitigate against Layer 7 denial-of-service attacks on your apps and APIs. {{}} {{}} -<<<<<<< HEAD -{{}} -======= {{}} ->>>>>>> 7152a0d7 (feat: Secure your fleet, NGINX One) From 5dcbf065156208f95553afe0e4f032e143325dd2 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Tue, 15 Jul 2025 11:37:41 -0700 Subject: [PATCH 4/6] Update position in N1C index --- content/nginx-one/_index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/content/nginx-one/_index.md b/content/nginx-one/_index.md index 1f212df61..fd1e1479e 100644 --- a/content/nginx-one/_index.md +++ b/content/nginx-one/_index.md @@ -37,6 +37,9 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an {{}} Manage one instance or groups of instances. Monitor certificates. Set up metrics. {{}} + {{}} + Configure alerts that match your security policies + {{}} {{}} Manage one instance or groups of instances. Monitor certificates. Set up metrics. {{}} @@ -46,9 +49,6 @@ F5 NGINX One Console makes it easy to manage NGINX instances across locations an {{}} Assign responsibilities with role-based access control {{}} - {{}} - Configure alerts that match your security policies - {{}} {{}} Manage your NGINX fleet over REST {{}} From 495246f85a630444b01d1691ad548868d360e2fd Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Wed, 16 Jul 2025 07:24:13 -0700 Subject: [PATCH 5/6] Apply suggestions from code review Co-authored-by: Travis Martin <33876974+travisamartin@users.noreply.github.com> --- content/nginx-one/secure-your-fleet/secure.md | 39 +++++++++---------- 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/content/nginx-one/secure-your-fleet/secure.md b/content/nginx-one/secure-your-fleet/secure.md index 95f53be17..085f9d420 100644 --- a/content/nginx-one/secure-your-fleet/secure.md +++ b/content/nginx-one/secure-your-fleet/secure.md @@ -29,15 +29,15 @@ If you already have accessed F5 Distributed Cloud and have NGINX instances avail Confirm an F5 Distributed Cloud tenant has been provisioned for you. Log in to MyF5 and review your subscriptions. You should see within one of your subscriptions "Distributed Cloud". This could be in either an NGINX subscription or a Distributed Cloud. If the above does not appear in any of your subscriptions, reach out to either your F5 Account Team or Customer Success Manager. -With access, you or someone in your organization should have an email from no-reply@cloud.f5.com asking you to update your password when the tenant was created. The account name referenced in the E-Mail in bold is the tenant name. +With access, you or someone in your organization should have an email from no-reply@cloud.f5.com asking you to update your password when the tenant was created. The account name referenced in the email in bold is the tenant name. -Navigate to https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ to access F5 Distributed Cloud. If you have never logged in, select the **Forgot Password?** option in the log in screen. Alternatively, if someone within your organization has access, ask them to add you as a user within your tenant with a role providing permissions for NGINX One. +Go to https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io/ to access F5 Distributed Cloud. If you have never logged in, select the **Forgot Password?** option in the log in screen. Alternatively, if someone within your organization has access, ask them to add you as a user within your tenant with a role providing permissions for NGINX One. ### Confirm access to NGINX One Console in the F5 Distributed Cloud Once you've logged in with your password, you should be able to see and select the NGINX One tile. -1. Select the **NGINX One** tile +1. Select the **NGINX One** tile 1. Select **Visit Service** ### Install an instance of NGINX @@ -66,9 +66,9 @@ You can also install NGINX Agent from our repositories and configure it manually ## Configure an active alert policy -The NGINX One Console monitors all connected NGINX instances for CVEs and insecure configurations. Using the F5 Distributed Cloud's Alert Policies you can receive alerts for these risks in a manner of your choosing; for the purposes of this guide we will show you how to configure E-Mail alerts. +The NGINX One Console monitors all connected NGINX instances for CVEs and insecure configurations. Using the F5 Distributed Cloud's Alert Policies, you can receive alerts for these risks in a manner of your choosing; for the purposes of this guide, we show you how to configure email alerts. -The F5 Distributed Cloud generates alerts from all its services including NGINX One. You can configure rules to send those alerts to a receiver of your choice. These instructions walk you through how to configure an email notification when we see new CVEs or detect security issues with your NGINX instances. +The F5 Distributed Cloud generates alerts from all its services including NGINX One Console. You can configure rules to send those alerts to a receiver of your choice. These instructions walk you through how to configure an email notification when we see new CVEs or detect security issues with your NGINX instances. This page describes basic steps to set up an email alert. For authoritative documentation, see [Alerts - Email & SMS](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-email-sms). @@ -77,40 +77,39 @@ This page describes basic steps to set up an email alert. For authoritative docu To configure security-related alerts, follow these steps: -1. Navigate to the F5 Distributed Cloud Console at https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io. +1. Go to the F5 Distributed Cloud Console at https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io. 1. Select **Audit Logs & Alerts** 1. Select **Manage > Alert Receiver** 1. Configure the **Alert Receivers** 1. Enter the name of your choice. 1. (Optional) Specify a label and description. -1. Under **Receiver**, select Email and enter your email address. +1. Under **Receiver**, select **Email** and enter your email address. 1. Select **Add Alert Receiver** -1. Your Email receiver should now appear on the list of Alert Receivers. -1. Under the Actions column, select Verify Email. +1. Your email receiver should now appear on the list of Alert Receivers. +1. Under the **Actions** column, select **Verify Email**. 1. Select **Send email** to confirm. 1. You should receive a verification code in the email provided. Copy that code. -1. Under the Actions column, select **Enter verification code**. +1. Under the **Actions** column, select **Enter verification code**. 1. Paste the code and select **Verify receiver**. ## Configure Alert Policy Next, configure the policy that identifies when you'll get an alert. -1. Navigate to **Alerts Management > Alert Policies**. +1. Go to **Alerts Management > Alert Policies**. 1. Select **Add Alert Policy**. 1. Enter the name of your choice. 1. (Optional) Specify a label and description. -1. Under Alert Reciever Configuration > Alert Receivers, select the Alert Receiver you just created. -1. Under Policy Rules select Configure. -1. Select Add Item. -1. Under Select Alerts (TBD). -1. Set the Action as Send and select Apply. +1. Under **Alert Reciever Configuration > Alert Receivers,** select the **Alert Receiver** you just created. +1. Under **Policy Rules** select **Configure**. +1. Select **Add Item**. +1. Under **Select Alerts** (TBD). +1. Set the **Action as Send** and select **Apply**. Now set a second alert related to Common Vulnerabilities and Exposures (CVEs). -1. Select Add Item -1. Under Select Alerts {adding additional Alert type for CVE) -1. Set the Action as Send and select Apply +1. Select **Add Item** +1. Under **Select Alerts**, set the **Action** as **Send** and select **Apply** 1. Select **Save and Exit** You've now set up F5 Distributed Cloud to send you security-related alerts from NGINX One Console. @@ -127,5 +126,5 @@ You will now receive an email any time the NGINX One Console recognizes one of y ## Next steps -Now that you have NGINX instances connected to the Console, consider reviewing our [use cases]({{< ref "/nginx-one/" >}}) to see how you can easily manage your NGINX instances, draft new configurations, and more. +Now that you have NGINX instances connected to the NGINX One Console, consider reviewing our [use cases]({{< ref "/nginx-one/" >}}) to see how you can easily manage your NGINX instances, draft new configurations, and more. Additionally, you can review how to add additional Alert Receivers such as [SMS](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-email-sms), [Slack](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-slack), [PagerDuty](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-pagerduty), or with a [webhook](https://docs.cloud.f5.com/docs-v2/shared-configuration/how-tos/alerting/alerts-webhook). From 40b4b3d1726984c3be45fece91740566a79fa162 Mon Sep 17 00:00:00 2001 From: Mike Jang <3287976+mjang@users.noreply.github.com> Date: Thu, 17 Jul 2025 09:34:41 -0700 Subject: [PATCH 6/6] WIP --- content/nginx-one/secure-your-fleet/secure.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/content/nginx-one/secure-your-fleet/secure.md b/content/nginx-one/secure-your-fleet/secure.md index 085f9d420..4e0cfe746 100644 --- a/content/nginx-one/secure-your-fleet/secure.md +++ b/content/nginx-one/secure-your-fleet/secure.md @@ -79,8 +79,8 @@ To configure security-related alerts, follow these steps: 1. Go to the F5 Distributed Cloud Console at https://INSERT_YOUR_TENANT_NAME.console.ves.volterra.io. 1. Select **Audit Logs & Alerts** -1. Select **Manage > Alert Receiver** -1. Configure the **Alert Receivers** +1. Select **Alerts Management > Alert Receivers** +1. Select **Add Alert Receiver** 1. Enter the name of your choice. 1. (Optional) Specify a label and description. 1. Under **Receiver**, select **Email** and enter your email address. @@ -103,8 +103,9 @@ Next, configure the policy that identifies when you'll get an alert. 1. Under **Alert Reciever Configuration > Alert Receivers,** select the **Alert Receiver** you just created. 1. Under **Policy Rules** select **Configure**. 1. Select **Add Item**. -1. Under **Select Alerts** (TBD). +1. Under **Select Alerts** select a filter. If you're interested in all NGINX alerts, select **Matching RegEx of Alertname**. In the text box that appears, enter **NGINX**. 1. Set the **Action as Send** and select **Apply**. +1. Select **Apply** again, and then select **Apply Alert Policy**. Now set a second alert related to Common Vulnerabilities and Exposures (CVEs).