hlxsites · JBakstPaloAlto · Dec 3, 2024 · Dec 3, 2024 · Dec 3, 2024 · Dec 3, 2024
diff --git a/...e-edition/content-collections/governance/custom-build-policies/code-editor.adoc b/...e-edition/content-collections/governance/custom-build-policies/code-editor.adoc
@@ -3,55 +3,48 @@
 [.task]
 == Code Editor
 
-Prisma Cloud supports Code Editor capability where you can create a policy rule for custom Configuration policies during Build-time checks. Code Editor is the default view for Build  policy rule and as an example a YAML policy template is always available on the Prisma Cloud console.
+Prisma Cloud's Code Editor allows you to define advanced custom policies for build-time checks. Users can leverage YAML templates, logic operators, and framework support to create complex policies tailored to specific compliance or security requirements.
+
 The Code Editor is a suitable option when you want to create complex custom policies that include both Attribute and Connection-State with a support of AND/OR logic. However, for custom secrets Code Editor supports only an OR logic.
 
 === How to Create Custom Policies
 
 [.procedure]
 
-.. Select *Policies > Add Policy > Config > Add Policy Details* and then select *Next*.
-//+
-//image::governance/code-editor.png
+. Select *Governance* > Add Policy > Config > Add Policy Details* and then select *Next*.
 +
-The Code Editor is as a default view with an example of a YAML template.
-+
-In this example, you see the YAML template with custom secrets where `secrets` is a `category`.
-//+
-//image::governance/code-editor-7.png
+The Code Editor provides a default view with an example of a YAML template. See <<#yml_attr,YAML Policy Attribute>> below for details of the YAML file attributes.
 
-.. Select *More Options* and then select *Clear Editor* to remove the YAML template example.
-//+
-//image::governance/code-editor-1.png
+. Select *More Options* and then select *Clear Editor* to remove the YAML template example.
 
-.. Add your custom YAML code.
+. Add your custom YAML code.
 
-.. Select *Test* to test your custom code.
+. Select *Test* to test your custom code.
 //+
 //image::governance/code-editor-2.png
 +
-For every test, the console displays up to 30 results. Each time you test your code, Prisma Cloud scans all integrated repositories to give you a list of up to 30 resources that match this custom code policy.
-//+
-//image::governance/code-editor-3.png
-+
-You can also review the results for more details on the impacted resource and misconfiguration.
-//+
-//In this example you see the contextualized information about an impacted resource from your custom code.
-//+
-//image::governance/code-editor-4.png
-+
-If there are errors in your custom code during a test, the console displays a solution.
-//+
-//In this example, you see solution for the errors from your code.
-//+
-//image::governance/code-editor-5.png
+Each test displays up to 30 results. Prisma Cloud scans all integrated repositories to identify resources that match your custom policy, providing a maximum of 30 results per test. You can review these results for detailed information about impacted resources and misconfigurations. If your custom code contains errors, the console will display suggested solutions.
 
-.. Select *Validate and Next* to access *Compliance Standards* to complete the custom Build-time check policy.
+
+. Select *Validate and Next* to access *Compliance Standards* to complete the custom Build-time check policy.
 //+
 //image::governance/code-editor-6.png
 +
 NOTE: You are in *Step 2* of Create Custom Policies for Build-Time Checks. You are required to complete the rest of the steps to see your new custom Build-time check policy on the Prisma Cloud console.
 
+[#yml_attr]
+=== YAML Policy Attributes
+
+The Yaml file includes the following arguments:
+
+* *guidelines*: Sets general rules for policy creation
+* *category*: Specifies the type of policy
+* *frameworks*: Identifies the applicable framework. If no framework is specified, the policy applies to all frameworks. If a framework is specified, the policy applies only to the selected framework
+* *scope*: Defines the level of applicability for the policy
+* *provider*: Specifies the cloud provider or source for the resources
+* *definition*: Contains the logic and conditions for the policy, including attributes, operators, and resource connections
+
+
 === Limitation
 
 Nesting connection condition types within a 'NOT' block is not currently supported.
@@ -425,3 +418,25 @@ definition:
     - "my-super-secret-password-regex"
 
 
+//+
+//image::governance/code-editor.png
+//+
+//In this example, you see the YAML template with custom secrets where `secrets` is a `category`.
+//+
+//image::governance/code-editor-7.png
+//+
+//image::governance/code-editor-1.png
+//+
+//image::governance/code-editor-3.png
+//+
+//You can also review the results for more details on the impacted resource and misconfiguration.
+//+
+//In this example you see the contextualized information about an impacted resource from your custom code.
+//+
+//image::governance/code-editor-4.png
+//+
+//If there are errors in your custom code during a test, the console displays a solution.
+//+
+//In this example, you see solution for the errors from your code.
+//+
+//image::governance/code-editor-5.png
diff --git a/...content-collections/governance/custom-build-policies/custom-build-policies.adoc b/...content-collections/governance/custom-build-policies/custom-build-policies.adoc
@@ -5,10 +5,14 @@ Prisma Cloud includes out-of-the-box policies that enable you to detect misconfi
 
 You can create custom build policies for the following frameworks:
 
-* *Terraform* - Policies written using Terraform attributes will apply for Terraform (.tf and plan files).
-* *Bicep*: Policies defined using Bicep resources and attributes will apply for tailored Azure Bicep resource governance.
-* *CloudFormation* - Policies written using CloudFormation attributes will apply for CloudFormation, AWS Serverless Application Model (SAM), and Cloud Development Kit (CDK).
-* *Kubernetes* - Policies written using Kubernetes attributes will apply for Kubernetes, Helm, and Kustomize.
+* *Terraform* - Policies written using Terraform attributes will apply for Terraform (.tf and plan files)
+* *Bicep*: Policies defined using Bicep resources and attributes will apply for tailored Azure Bicep resource governance
+* *ARM*: Policies defined using ARM resources and attributes will apply for Azure ARM resource governance
++
+NOTE: ARM and Bicep use the same policy syntax and can apply to both frameworks with a single attribute clause
+
+* *CloudFormation* - Policies written using CloudFormation attributes will apply for CloudFormation, AWS Serverless Application Model (SAM), and Cloud Development Kit (CDK)
+* *Kubernetes* - Policies written using Kubernetes attributes will apply for Kubernetes, Helm, and Kustomize
 
 An *AI & Machine Learning* category enables granular control over build configurations for machine learning and artificial intelligence workloads. This category can be leveraged in relevant dashboards through the IaC Category filter, facilitating streamlined policy management for AI resources.
 

diff --git a/...-collections/governance/custom-build-policies/custom-build-policy-examples.adoc b/...-collections/governance/custom-build-policies/custom-build-policy-examples.adoc
@@ -4,6 +4,7 @@ To create code-based policies for your infrastructure, use these examples as gui
 
 * <<bicep-example,Bicep Example>>
 * <<terraform-examples, Terraform Examples>>
+* <<arm-example,ARM Example>>
 * <<cloudformation-examples, Cloud Formation Examples>>
 * <<kubernetes-examples,Kubernetes Examples>>
 * <<ss-examples,Secrets Security Examples >>
@@ -56,6 +57,48 @@ definition:
               value: Enabled
 ----
 
+[#arm-example]
+=== ARM Example
+
+[source,yaml]
+----
+metadata:
+  name: "Ensure Azure Synapse Workspace has extended audit logs"
+  guidelines: "..."
+  category: "logging"
+definition:
+  and:
+    - cond_type: filter
+      attribute: resource_type
+      value:
+        - Microsoft.Synapse/workspaces
+      operator: within
+    - cond_type: connection
+      resource_types:
+        - Microsoft.Synapse/workspaces
+      connected_resource_types:
+        - Microsoft.Synapse/workspaces/extendedAuditingPolicies
+      operator: exists
+    - or:
+        - and:
+            - cond_type: attribute
+              resource_types:
+                - Microsoft.Synapse/workspaces/extendedAuditingPolicies
+              attribute: properties.state
+              operator: exists
+            - cond_type: attribute
+              resource_types:
+                - Microsoft.Synapse/workspaces/extendedAuditingPolicies
+              attribute: properties.state
+              operator: equals
+              value: Enabled
+        - cond_type: attribute  # This line is correctly indented
+          resource_types:
+            - Microsoft.Synapse/workspaces/extendedAuditingPolicies
+          attribute: properties.state
+          operator: not_exists
+----
+
 [#terraform-examples]
 === Terraform Examples
 

diff --git a/...edition/content-collections/governance/custom-build-policies/visual-editor.adoc b/...edition/content-collections/governance/custom-build-policies/visual-editor.adoc
@@ -57,7 +57,7 @@ Policies are categorized by type. Options include Elasticsearch, General, IAM, K
 
 . Select the target *Framework*.
 +
-NOTE: Framework options include: Terraform, Kubernetes, CloudFormation and Bicep.
+NOTE: Supported frameworks include Terraform, Kubernetes, CloudFormation, Bicep, and ARM. You can assign multiple frameworks to a single policy. For example, a policy can be configured to support both Bicep and ARM.
 
 . Select a *Cloud Provider*.