Policies view
This figure depicts the Policies view.
How to Access
The required permission to access this view is Manage services.
- In the Security Analytics menu, select Administration > Health & Wellness.
- Click the Policies tab.
Policies Panel
In the Policies panel, you can add or delete policies for hosts and services.
Policy Detail Panel
The Policy Detail panel displays the policy selected from the Policies panel.
Feature | Description |
---|---|
Save | Saves any changes you made in this panel. |
Policy Type | Displays the type of policy you selected. |
Modified Date | Displays the last date this policy was modified. |
![]() | Select and deselect this checkbox to enable and disable the policy. |
Services | |
![]() |
|
![]() | Deletes the selected service or group from this policy. |
Rules | |
![]() | Displays the Add Rule dialog in which you define a rule for this policy. |
![]() | Deletes the selected rule from this policy. |
![]() | Displays the Edit Rule dialog for the selected rule. |
Policy Suppression | |
![]() | Adds a policy suppression timeframe row. |
![]() | Deletes the selected policy suppression timeframe row. |
Time Zone | Select the time zone for the Policy from the drop-down list. This time zone applies to both Policy Suppression and Rule Suppression. |
![]() | Select the checkbox to select a policy suppression timeframe row. |
Days | Days of the week that you want to suppress the policy according to the time range specified. Click on the day of the week that you want to suppress the policy. You can select any combination of days including all days. |
Time Range | Time range during which the policy is suppressed for the days selected. |
Notifications | |
![]() | Adds an EMAIL notification row. |
![]() | Deletes the selected policy suppression timeframe row. |
Notification Settings | Opens the Notification Servers view in which you can define the Email notification settings. |
![]() | Select the checkbox to select a policy suppression timeframe row. |
Type | Displays EMAIL. EMAIL is the only type of notification available in this release. |
Notification | Select the type of EMAIL notification. See Configure Notification Types in the System Configuration Guide for the source of the values in this drop-down list. |
Notification Server | Select the EMAIL notification server. See Configure Notification Servers in the System Configuration Guide for the source of the values in this drop-down list. |
Template | Select the Template for this EMAIL notification. RSA provides the Health & Wellness Default SMTP Template and the alarms template. See Configure Notification Templates in the System Configuration Guide for the source of the other values in this drop-down list. Note: Refer to Include the Default Email Subject Line if you want to include the default Email subject line from the Health & Wellness template in your Health & Wellness Email notifications for specified recipients. |
Groups dialog
Feature | Description |
---|---|
Groups panel | |
Name | Displays the service groups you have defined. Select:
|
Services panel | |
Name | Displays the name of the service. |
Host | Displays the host on which the service is running. |
Type | Displays the type of service. |
Rules Dialog
Feature | Description |
---|---|
![]() | Select and deselect this checkbox to enable and disable the rule for this policy. |
Name | Enter the name of the rule. |
Description | This field was added in Security Analytics 10.5.0.1. Enter the description of the rule. RSA suggests that you include the following information in this field.
|
Severity | Select the severity of the rule. Valid values are:
|
Statistic | Select the statistics you want to check with this rule. Select a:
Note: For a Public Key Infrastructure (PKI) policy, select PKI as the category and any one of the following as the statistic: SA Server PKI Certificate Expiration - Displays the time left before the certificate expires; SA Server PKI CRL Expiration - Displays the time left before the Certificate Revocation List (CRL) expires; SA Server PKI CRL Status - Displays the current status of the CRL. Refer to the System Stats Browser View for examples of the statistics you may want to check with a rule. |
Alarm Threshold | Define the threshold of the rule that will trigger the policy alarm:
Note: For CRL expiry the supported format is ddddhhmm, for example:
|
Recovery | Define when to clear the threshold of the rule:
|
Rule Suppression | |
![]() | Adds a rule suppression timeframe row. |
![]() | Deletes the selected rule suppression timeframe row. |
![]() | Select the checkbox to select a rule suppression timeframe row. |
Time Zone: time-zone | Displays the Policy time zone. You select the time zone for a policy in the Policy Suppression panel. |
Days | Days of the week that you want to suppress the rule according to the time range specified. Click on the day of the week that you want to suppress the rule. You can select any combination of days including all days. |
Time Range | Time range during which the rule is suppressed for the days selected. |
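How the Days and Time Range rows under Policy Suppression and Rule Suppression combine with the single policy Time Zone, shown as an added example that is not RSA's code. The function names, the row layout, and the handling of a range that runs past midnight are assumptions made for illustration; use it to review how much of the week a rule is unable to raise an alarm.

```python
from datetime import datetime, time, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]  # datetime.weekday() order

def in_window(local, days, start, end):
    """True if a policy-local datetime falls inside one Days/Time Range row."""
    t = local.time()
    if start <= end:  # range contained in one day
        return DAYS[local.weekday()] in days and start <= t < end
    # Assumption: start > end means the range continues past midnight
    # from a selected day into the following morning.
    if t >= start:
        return DAYS[local.weekday()] in days
    return t < end and DAYS[(local.weekday() - 1) % 7] in days

def is_suppressed(event_utc, policy_tz, policy_rows, rule_rows=()):
    """An alarm is muted if any policy row or any rule row covers the event.
    Both sets of rows are evaluated in the one policy time zone."""
    local = event_utc.astimezone(policy_tz)
    return any(in_window(local, *row) for row in (*policy_rows, *rule_rows))

def weekly_blind_minutes(policy_tz, policy_rows, rule_rows=()):
    """Minutes per week during which this rule cannot raise an alarm."""
    start = datetime(2024, 1, 1, tzinfo=timezone.utc)  # a Monday; any full week works
    return sum(
        is_suppressed(start + timedelta(minutes=m), policy_tz, policy_rows, rule_rows)
        for m in range(7 * 24 * 60)
    )

# Constructed sample data: policy time zone UTC-05:00, one policy row, one rule row.
POLICY_TZ = timezone(timedelta(hours=-5))
POLICY_ROWS = [({"Sat", "Sun"}, time(1, 0), time(5, 0))]  # weekend maintenance
RULE_ROWS = [({"Fri"}, time(22, 0), time(2, 0))]          # runs into Saturday

if __name__ == "__main__":
    event = datetime(2024, 1, 6, 6, 30, tzinfo=timezone.utc)  # Sat 01:30 policy time
    print("suppressed:", is_suppressed(event, POLICY_TZ, POLICY_ROWS, RULE_ROWS))
    print("blind minutes per week:",
          weekly_blind_minutes(POLICY_TZ, POLICY_ROWS, RULE_ROWS))
```

Overlapping policy and rule rows are counted once, so the weekly figure is the true union of muted time rather than the sum of the rows.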
In Security Analytics 10.5.0.1, RSA added threshold operator support as described in the following Threshold Operators section.
Threshold Operators
The Alarm Threshold and Recovery Threshold fields in the Rules dialog prompt you for either numeric or string operators based on the statistic criteria you specify.
For more information on policies, see the Security Analytics Out-of-the-Box Policies topic.