SysMaint: Policies View

Document created by RSA Information Design and Development on Jul 29, 2016Last modified by Susan Ewald on Nov 1, 2016
Version 2Show Document
  • View in full screen mode
 

This figure depicts the Policies view.

AddPolicyCompleted.PNG

How to Access

The required permission to access this view is Manage services.

  1. In the Security Analytics menu, select Administration >Health & Wellness.
  2. Click the Policies tab.

Policies Panel

In the Policies panel, you can add or delete policies for hosts and services in this panel.

Policy Detail Panel

The Policy Detail panel displays the policy selected from the Policies panel.

                                                                                  
FeatureDescription
SaveSaves any changes you made in this panel.
Policy TypeDisplays the type of policy you selected.
Modified DateDisplays the last date this policy was modified.
Checkbox.png EnableSelect and deselect this checkbox to enable and disable the policy.
Services
addlList.PNGDisplays GrpsSvcsDrpDwnMnu.PNG menu.  Select:
  • Groups to display the Groups dialog from which you select service groups to this policy.
  • Service/Host to display the Services/Hosts dialog from which you select services to add to this policy. If policy type is Host, the menu will have Host not Service. You can select services based on policy type.
Icon_Delete_sm.pngDeletes the selected service or group from this policy.
Rules
Icon-Add.pngDisplays the Add Rule dialog in which you define a rule for this policy.
Icon_Delete_sm.pngDeletes the selected rule from this policy.
icon-edit.pngDisplays the Edit Rule dialog for the selected rule.
Policy Suppression
Icon-Add.pngAdds a policy suppression timeframe row. 
Icon_Delete_sm.pngDeletes the selected policy suppression timeframe row.
Time ZoneSelect the time zone for the Policy from the drop-down list.  This time zone applies to both Policy Suppression and Rule Suppression.
Checkbox.pngSelect the checkbox to select a policy suppression timeframe row.
DaysDays of the week that you want to suppress the policy according to the time range specified. Click on the day of the week that you want to suppress the policy.  You can select any combination of days including all days.
Time RangeTime range during which the policy is suppressed for the days selected.
Notifications
Icon-Add.pngAdds a EMAIL notification row. 
Icon_Delete_sm.pngDeletes the selected policy suppression timeframe row.
Notification SettingsOpens the Notification Servers view in which you can define the Email notification settings.
Checkbox.pngSelect the checkbox to select a policy suppression timeframe row.
TypeDisplay EMAIL.  EMAIL is the only type of notification available in this release.
NotificationSelect the type of EMAIL notification.  See Notification Outputs Overview in System Configuration for the source of the values in this drop-down list.
Notification ServerSelect the EMAIL notification server. See Configure Notification Servers in System Configuration for the source of the values in this drop-down list.
TemplateSelect the Template for this EMAIL notification. RSA provides the RSA Health & Wellness Email Templates. See Configure Templates for Notifications in System Configuration for the source of the other values in this drop-down list.

Note: Please refer to Include the Default Email Subject Line if you want to include the default Email subject line from the Health & Wellness template in your Health & Wellness Email notifications for specified recipients.

Groups dialog

                     
FeatureDescription
Groups panel
NameDisplays the service groups you have define. Select:
  • All to display all your services in the Services panel.
  • A group to display the services in comprise that group in the Services panel.
Services panel
NameDisplays the name of the service.
HostDisplays the host on which the service is running.
TypeDisplays the type of service.

Rules dialog

                                              
FeatureDescription
Checkbox.png EnableSelect and deselect this checkbox to enable and disable the rule for this policy.
NameEnter the name of the rule.
Description

Added this field in Security Analytics 10.5.0.1. 

Enter the description of the rule. RSA suggests that you include the following information in this field. 

Informational description - purpose of the rule and what problem it monitors.

  • Remediation - steps to take to resolve the condition that triggers the alarm for this rule.

SeveritySelect the severity of the rule. Valid values are:
   Critical
   High

   Medium
   Low
StatisticSelect the statistics you want to check with this rule. Select a:
  • statistical category from the left drop-down list.
  • statistic from the right drop-down list.
Please refer to the System Stats Browser View for examples of the statistics you may want to check with a rule. 
Alarm ThresholdDefine the threshold of the rule that will trigger the policy alarm:
  • operator:
    • For Security Analytics 10.5 (=, !=, <, <=>, or  >=
    • For Security Analytics 10.5.0.1 and later (See Threshold Operators)
  • amount
  • time in minutes
RecoveryDefine the when to clear the threshold of the rule:
  • operator:
    • For Security Analytics 10.5 (=, !=, <, <=>, or  >=
    • For Security Analytics 10.5.0.1 and later (See Threshold Operators)
  • amount
  • time in minutes
Rule Suppression
Icon-Add.pngAdds a rule suppression timeframe row. 
Icon_Delete_sm.pngDeletes the selected rule suppression timeframe row.
Checkbox.pngSelect the checkbox to select a rule suppression timeframe row.
Time Zone: time-zoneDisplays the Policy time zone.  You select the time zone for a policy in the Policy Suppression panel.
DaysDays of the week that you want to suppress the rule according to the time range specified. Click on the day of the week that you want to suppress the rule.  You can select any combination of days including all days.
Time RangeTime range during which the rule is suppressed for the days selected.

In Security Analytics 10.5.0.1, RSA added threshold operator support as described in the following Threshold Operatorssection.

Threshold Operators

The Alarm Threshold and Recovery Threshold fields in the Rules dialog prompt you for either numeric or string operators based on the statistic critera you specify.

    
Numeric operators drown-down menu: Operators.PNGString operators drop-down menu: RegExOperators.PNG
You are here: References > Health and Wellness > Reporting: Policies View

Attachments

    Outcomes