SysMaint: Best Practices

Document created by RSA Information Design and Development on Jul 29, 2016. Last modified by Susan Ewald on Nov 1, 2016.
Version 2

This topic contains RSA-recommended methodologies and tasks to help you successfully maintain the health (accessibility and performance) of the hosts and services in your Security Analytics domain.

Safeguarding Assets with RSA Supplied Policies

The purpose of the Security Analytics Out-of-the-Box Policies delivered with Security Analytics is to help you safeguard your SA Domain assets immediately (before you configure rules specific to your environment and your Security Policy).

RSA recommends that you use Manage Policies to set up notifications to the appropriate asset owners for these policies as soon as possible. This will notify them when performance and capacity thresholds are crossed so they can take action immediately.

RSA also recommends that you evaluate the Core policies and disable a policy or change its service/group assignments according to your specific monitoring requirements.

Safeguarding Assets with Policies Based on Your Environment

RSA Core Policies are generic and may not provide sufficient monitoring coverage for your environment. RSA recommends that, over a period of time, you gather the issues that the RSA Core Policies do not identify, and configure rules to help you prevent these issues.

Creating Rules and Notifications Judiciously 

RSA recommends that, if possible, you make sure that each rule and policy is necessary before you implement it. RSA also recommends that you review implemented policies on a regular basis for their validity. Invalid alarms and email notifications can adversely affect the focus of the asset owners.

Troubleshooting Issues

RSA recommends that you review Troubleshooting Health & Wellness when you receive error messages in the user interface and log files from hosts and services.