Sys Maintenance: Manage Policies

Document created by RSA Information Design and Development on Nov 23, 2016. Last modified by RSA Information Design and Development on Aug 2, 2017.
Version 10

Policies are either user-defined or supplied by RSA. A policy defines:

  • Services and hosts to which the policy applies.
  • Rules that specify statistical thresholds that govern alarms.
  • When to suppress the policy.
  • Who to notify when an alarm triggers and when to notify them.

For the related reference topics, see Security Analytics Out-of-the-Box Policies.

Note: You can now configure a policy to send notifications about Public Key Infrastructure (PKI) certificate expiration status.

Procedures

Add a Policy

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Click the addlList.PNG icon in the Policies panel.
    A list of the hosts and services for which you can create health policies is displayed.
    [Image: AddService.PNG]
  4. Select a host or service (for example, Concentrator).
    For a PKI policy, you must select a host (for example, Host).
    The host or service is displayed in the Policies panel with a blank Policy Detail panel.
    [Image: BlankPolicyDetailPanel.PNG]
  5. Enter a name for the policy (for example, Concentrator Policy Status) in the Policies panel.
    [Image: AddPolicyName.PNG]
    The name (for example, Concentrator Policy Status) is now displayed as the policy name in the Policy Detail panel.
  6. Create a Policy in the Policy Detail panel:
    1. Select the Enable checkbox.
    2. Add relevant services (in this example, any relevant Concentrator services) that you want to monitor for health statistics.
      For a PKI policy, you must select LOCALHOST to monitor for health statistics.
    3. Add relevant rule conditions you want to configure for the policy.
    4. Suppress enforcement of the policy for the time periods you want.
    5. Add any email notifications you want for the policy.
    6. Click Save in the Policy Detail panel.
      The Policy is added.
      [Image: AddPolicyCompleted.PNG]

The following is a high-level example of configuring a PKI policy:

  1. Add a new PKI policy.
  2. Add a Rule with Statistics:
    • For CA Expiration
    • For CRL Expiration
    • For CRL Status
    • For Server Certificate Expiration

Edit a Policy

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy (for example, Concentrator Policy Status) under a host or service.
    The Policy Detail is displayed.
  4. Click the edit icon (icon-edit.png).
    The policy name (for example, Concentrator Performance Status) and Policy Detail panel become editable.
    [Image: EditPolicy.PNG]
  5. Make the required changes and click Save in the Policy Detail panel. You can:
    • Edit the policy name.
    • Enable or disable the policy.
    • Add or delete hosts and services in the policy.
    • Add, delete, or modify rules in the policy.
    • Add, edit, or delete suppressions in the policy.
    • Add, edit, or delete notifications in the policy.

Note: Save applies the policy rules based on the selection of enable/disable. It also resets the rule condition timers for changed rules, and the entire Policy.

Duplicate a Policy

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy (for example, Concentrator Policy Status) under a host or service.
  4. Click the copy icon (CopyPolicyBtn.PNG).
    Security Analytics copies the policy and lists it with (1) appended to the original policy's name.
  5. Click the edit icon (icon-edit.png) and rename the policy (for example, rename Concentrator Policy Status (1) to Concentrator Policy Status 2).

Note: A duplicated policy is disabled by default and the host and service assignments are not duplicated.
Please assign any relevant hosts and services to the duplicated policy before you use it to monitor health and wellness of the Security Analytics infrastructure.

Assign Services or Groups

To assign hosts or services to a policy:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy (for example, First Policy) under a host or service.
    The Policy Detail is displayed.
  4. Click the add icon (Icon-Add.png) in the Services and Groups list toolbar.
  5. For:
    • Hosts, select Groups or hosts from the selection menu.
    • Services, select Groups or Services from the selection menu.
    If you selected:
    • Groups, the Groups dialog is displayed, from which you can select predefined groups of hosts or services.
      [Image: GroupsDialog.PNG]
    • Services, the Services dialog is displayed, from which you can select individual services.
      [Image: SvcsDialog.PNG]
  6. Select the checkbox next to the groups or services you want to assign to the policy, click Select in the dialog, and click Save in the Policy Detail panel.

Note: Services are filtered for selection based on the type of policies. For example, you can only select concentrator services for a concentrator type policy.

Remove Services or Groups

To remove a host or service from a policy:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy under a service.
    The Policy Detail is displayed.
  4. Select a host or service.
    [Image: delsvc1.PNG]
  5. Click the delete icon (Icon_Delete_sm.png).
    The host or service is removed from the policy.
    [Image: delsvc2.PNG]

Add a Rule

To add a rule to a policy:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy (for example, Checkpoint) under a host or service.
    The Policy Detail is displayed.
  4. Click the add icon (Icon-Add.png) in the Rules list toolbar.
    The Add Rule dialog is displayed.
  5. Complete the dialog to define the rule.
    [Image: AddRule.PNG]
    In Security Analytics 10.5.0.1, add the Description field as shown in the following example.
    [Image: AddRule10-5-01.PNG]
  6. Click OK.
    The rule is added to the policy.
    [Image: newrule.PNG]

Edit a Rule

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy under a host or service.
    The Policy Detail is displayed.
  4. Select a rule from the Rules list and click the edit icon (icon-edit.png).
    The Edit Rule dialog is displayed.
    [Image: EditRule.PNG]
    Security Analytics 10.5.0.1 added the Description field, as shown in the following example.
    [Image: EditRule10-5-01.PNG]
  5. Make the required changes and click Save.

Hide/Show Rule Conditions

To hide or show rule conditions:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy under a service.
    The Policy Detail is displayed.
  4. Go to the Rules panel.
    [Image: newrule.PNG]
  5. Click the down arrow (hideShowDownArrow.PNG) to the right of Category and uncheck the Static and Threshold rule conditions.
    You can check or uncheck any Rules column to show or hide it.
    [Image: hide_show_rule_conditions.PNG]
    The Rules panel is displayed without the rule conditions.
    [Image: hide_show_rule_conditions_after.PNG]

Delete a Rule

To delete a rule from a policy:

  1. In the Security Analytics menu, select Administration > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy under a service.
    The Policy Detail is displayed.
  4. Select a rule from the Rules list (for example, Checkpoint).
    [Image: deleterule1.PNG]
  5. Click the delete icon (Icon_Delete_sm.png).
    The rule is removed from the policy.

Suppress a Rule

  1. Click the Policies tab.
    The Policies view is displayed.
  2. Select a policy under a service.
    The Policy Detail is displayed. You can specify rule suppression time ranges when you initially add the rule, or you can edit the rule and specify suppression time ranges.
  3. Add or edit a rule.
  4. In the Rules Suppression panel of the Add or Edit Rule dialog, specify the days and time ranges during which you want the rule suppressed. In the following example, the rule is suppressed on Sundays from 12AM to 12:30AM and on Saturdays from 2:30AM to 3:30AM.
    [Image: supprule2.PNG]

Suppress a Policy

  1. Add or edit a policy.
    The Policies view is displayed.
  2. In the Policy Suppression panel:
    1. Select a time zone from the Time Zone drop-down list.
      This time zone applies to the entire policy (both policy suppression and rule suppression).
    2. Click the add icon (Icon-Add.png) in the toolbar.
    3. Specify the days and time ranges during which you want the policy suppressed. In the following example, the policy is suppressed on Fridays from 7:30AM to 7:45AM.
      [Image: suppPol.PNG]

Add an Email Notification

To add an email notification to a policy:

  1. Add or edit a policy.
    The Policies view is displayed.
  2. In the Notification panel:
    • Click the add icon (Icon-Add.png) in the toolbar.
      A blank EMAIL notification row is displayed.
      [Image: BlnkEMailNotif.PNG]
    • Select the email:
      • Notification types in the Notification column (see Configure Notification Outputs in the RSA Security Analytics System Configuration Guide for the source of the values in this drop-down list).
      • Notification server in the Notification Server column (see Configure Notification Servers in the RSA Security Analytics System Configuration Guide for the source of the values in this drop-down list).
      • Template server in the Notification Server column (see Configure Notification Templates in the RSA Security Analytics System Configuration Guide for the source of the values in this drop-down list).

[Image: CmpltdEMailNotif.PNG]

Note: Please refer to Include the Default Email Subject Line if you want to include the default Email subject line from the Health & Wellness template in your Health & Wellness Email notifications for specified recipients.

Delete an Email Notification

To delete an email notification from a policy:

  1. Add or edit a policy.
    The Policies view is displayed.
  2. In the Notification panel:
    1. Select an email notification.
      [Image: CmpltdEMailNotif.PNG]
    2. Click the delete icon (Icon_Delete_sm.png).
      The notification is removed.