Decoder: Configuration View - Edit Policies Tab

Document created by RSA Information Design and Development Employee on Sep 8, 2020
Version 1
 

In the Edit Policies view ((Configure) > Capture Policies > Edit), administrators can configure selective network data collection policies. The panels for creating a new policy and editing an existing policy are the same, except that the editing wizard displays the definitions of the existing policy.

You can edit existing policies to customize them for your environment. A base set of protocols is available for alteration, allowing you to choose the level of capture you prefer on a per-protocol basis. If you are making only slight changes, a good starting point for customization is to clone one of the predefined policies and alter it.

Note: A set of predefined policies is available immediately. The only way you can edit a predefined policy is by assigning Decoders to the policy to collect the targeted data.

Workflow

The following figure shows the workflow for common Decoder configuration tasks with the steps you can complete in this view highlighted.

What do you want to do?

                                 
User Role | I want to... | Documentation
Administrator | create new policies from predefined ones* | (Optional) Configure Selective Network Data Collection
Administrator | create custom policies* | (Optional) Configure Selective Network Data Collection
Administrator | unpublish policies* | (Optional) Configure Selective Network Data Collection
Administrator | delete policies* | (Optional) Configure Selective Network Data Collection

*You can complete these tasks here.

Quick Look

  1. To access the Edit Policy wizard, go to (Configure) > Capture Policies, select a policy, and click Edit.
    The Identify Policy page is displayed, where you can change the name and description of the policy.

  2. To view the Define Policy page, click Next.

  3. In the Define Policy page, you can define rule actions for the protocols for which you are interested in collecting data. The rule actions are:

    • Collect Meta Only: Collect metadata
    • Drop All: Drop metadata and network packets
    • Collect All: Collect metadata and network packets

    You can click Save and Close to save your policy without deploying it on Decoders.
    The following table describes the actions of the buttons on this page.

                                   
    Button | Description
    Previous | Go to the previous page of the wizard.
    Next | Keep updates from the current page and go to the next page of the wizard.
    Save and Close | Save the policy definitions without publishing the policy.
    Save and Publish | Save the policy definitions and publish the policy to Decoders to begin data collection.
    Cancel | Cancel the definitions and return to the Capture Policies tab.

  4. Click Next to go to the Assign Policy page.
    This is where you assign the policy to Decoders to capture the data. The following table describes the columns in this page.

    Column | Description
    Service Name | The name of a service. For 11.5, Decoder is the only available service.
    Policy | The policy that a Decoder is assigned to.
    Host | The IP address or name of the host system for the Decoder.
    Service Type | The type of service the policy is published to. For 11.5, the service type is decoder.
    Version | The version of NetWitness Platform that is installed on the service host.
