Creating an Xray Policy involves the following primary steps:
In the Administration module, select Watches & Policies and from the Policies tab click New Policy.
Provide a name for the Policy.
Select the Policy Type; Security, License, or Operational Risk. For more information, see Trigger Violations Using Xray Policy Rules
Click Next.
The Policy Rules List appears.
Define the rules and actions depending on what you have selected. The various options are outlined in Trigger Violations Using Xray Policy Rules and Policy Violation Automatic Actions.
A summary of the defined rules appears under the Policy Rules Listsection.
Click Next.
The Apply on Scope section appears
Select the Watch or multiple Watches that contain the resources the Policy rules will apply to.
Click Save Policy to complete the creation.