Decoder: Configuration View - Capture Policies Tab

Document created by RSA Information Design and Development Employee on Sep 8, 2020
Version 1Show Document
  • View in full screen mode
 

In the Capture Policies tab ( (Configure) > Capture Policies, administrators can configure selective network data collection policies.

Selective network data collection gives administrators the ability to apply centrally managed capture policies across their Network Decoders. This results in better use of Decoder resources, including hard drive space, which leads to more predictable costs and lessens the burden of managing multiple services. You can determine which traffic is stored and how it is stored by using policies. Each policy contains a list of supported base protocols and definitions for handling any other protocols that are detected. The administrator can choose to deploy predefined policies that capture:

  • All base and other protocols (Full Capture - All Protocols)
  • Only metadata on all base and other protocols (Capture Meta Only - All Protocols)
  • Only metadata on all base protocols and drop all other protocols (Capture Meta on Base Protocols, Drop all other protocols)
  • All base protocols and only metadata on all other protocols (Full Capture on Base Protocols, Meta only on all other protocols)

The predefined policies are not configurable. The only way you can edit predefined policies is by assigning services (such as Decoders) to deploy them.

Administrators can create custom policies to give further control over the deployment. A base set of protocols is available for alterations by the administrator, allowing you to choose what level of capture you prefer on a per-protocol basis. If you are only making slight changes, a good start for customization is to clone one of the predefined polices and alter it. These centrally managed policies are then applied to services (Network Decoders) to allow handling multiple use cases across your environment.

Workflow

The following figure depicts the workflow for common Decoder configuration tasks with the steps you can complete in this view highlighted.

What do you want to do?

                                           
User RoleI want to...Documentation
Administrator use predefined selective collection policies*(Optional) Configure Selective Network Data Collection
Administrator create new policies from predefined ones* (Optional) Configure Selective Network Data Collection
Administratorcreate custom policies* (Optional) Configure Selective Network Data Collection
Administratorverify policies (Optional) Configure Selective Network Data Collection
Administratorunpublish policies* (Optional) Configure Selective Network Data Collection
Administratordelete policies* (Optional) Configure Selective Network Data Collection

*You can complete these tasks here.

Related Topics

Quick Look

This is an example of the Capture Policies tab.

                     
1Create New - Provides a wizard to create a new policy.
2Edit - Provides a wizard to edit an existing custom policy.
3Clone - Selects an existing policy (predefined or custom) and copies it to create a new policy.
4Delete - Removes policies.

The following table describes the contents of the Capture Policies tab.

                                           
Column Description

Policy Name

The name of the policy (not editable for predefined policies).

Policy Description

The description of the policy (not editable for predefined policies).

Publication Status
  • Unpublished: policies that have not been deployed to Decoders yet.
  • Unpublished Edits: policies that have been updated but are not deployed to Decoders. Clicking Save and Close after making edits keeps them from automatically being published, allowing the administrator to wait until a specific outage window to publish them. This would display as Unpublished (for policies not previously published to Decoders) or Unpublished Edits (for policies that have been previously published to Decoders, but the updates have not been deployed to Decoders).
  • Published: policies which have been deployed to Decoders.
  • Failed: policies that failed to execute, for example, if a Decoder is offline or a system is down. For information about how to troubleshoot failed policies, see "Troubleshooting Policy Deployments That Fail" in (Optional) Configure Selective Network Data Collection.
Service Assignment Identity of the Decoder or service on which the policy is run.
Policy Updated Date the policy was edited.
Updated By Role of the person who updated the policy.
Policy Created Date on which the policy was created.
Created ByRole of the person who created the policy.

You are here
Table of Contents > Decoder and Log Decoder References > Services Config View - Capture Policies Tab

Attachments

    Outcomes