Sys Maintenance: Policies View

Document created by RSA Information Design and Development on Nov 23, 2016•Last modified by RSA Information Design and Development on Aug 2, 2017

Version 10Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Policies view

This figure depicts the Policies view.

How to Access

The required permission to access this view is Manage services.

In the Security Analytics menu, select Administration > Health & Wellness.
Click the Policies tab.

Policies Panel

In the Policies panel, you can add or delete policies for hosts and services in this panel.

Feature	Description
	Displays available service types to create a new policy . Select one so that you can define a policy or policies for it.
	Deletes the selected policy from the Policies panel. You can only delete one policy at a time.
	Allows you to change the name of the policy.
	Creates a copy of the selected policy. For example, if you select First Policy and click , Security Analytics creates a copy of this policy and names it First Policy (1).
	Expands the list of policies under the services and hosts in the Policies panel.
	Contracts the list of policies under the services and hosts in the Policies panel.
	List of: services and hosts for which you have defined policies. RSA standard policies that you can apply to hosts and services.

Policy Detail Panel

The Policy Detail panel displays the policy selected from the Policies panel.

Feature	Description
Save	Saves any changes you made in this panel.
Policy Type	Displays the type of policy you selected.
Modified Date	Displays the last date this policy was modified.
Enable	Select and deselect this checkbox to enable and disable the policy.
Services
	Displays menu. Select: Groups to display the Groups dialog from which you select service groups to this policy. Service/Host to display the Services/Hosts dialog from which you select services to add to this policy. If policy type is Host, the menu will have Host not Service. You can select services based on policy type.
	Deletes the selected service or group from this policy.
Rules
	Displays the Add Rule dialog in which you define a rule for this policy.
	Deletes the selected rule from this policy.
	Displays the Edit Rule dialog for the selected rule.
Policy Suppression
	Adds a policy suppression timeframe row.
	Deletes the selected policy suppression timeframe row.
Time Zone	Select the time zone for the Policy from the drop-down list. This time zone applies to both Policy Suppression and Rule Suppression.
	Select the checkbox to select a policy suppression timeframe row.
Days	Days of the week that you want to suppress the policy according to the time range specified. Click on the day of the week that you want to suppress the policy. You can select any combination of days including all days.
Time Range	Time range during which the policy is suppressed for the days selected.
Notifications
	Adds a EMAIL notification row.
	Deletes the selected policy suppression timeframe row.
Notification Settings	Opens the Notification Servers view in which you can define the Email notification settings.
	Select the checkbox to select a policy suppression timeframe row.
Type	Display EMAIL. EMAIL is the only type of notification available in this release.
Notification	Select the type of EMAIL notification. See Configure Notification Types in the System Configuration Guide for the source of the values in this drop-down list.
Notification Server	Select the EMAIL notification server. See Configure Notification Servers in the System Configuration Guide for the source of the values in this drop-down list.
Template	Select the Template for this EMAIL notification. RSA provides the Health & Wellness Default SMTP Template and the alarms template. See Configure Notification Templatesin the System Configuration Guide for the source of the other values in this drop-down list. Note: Please refer to Include the Default Email Subject Line if you want to include the default Email subject line from the Health & Wellness template in your Health & Wellness Email notifications for specified recipients.

Groups dialog

Feature	Description
Groups panel
Name	Displays the service groups you have define. Select: All to display all your services in the Services panel. A group to display the services in comprise that group in the Services panel.
Services panel
Name	Displays the name of the service.
Host	Displays the host on which the service is running.
Type	Displays the type of service.

Rules Dialog

Feature	Description
Enable	Select and deselect this checkbox to enable and disable the rule for this policy.
Name	Enter the name of the rule.
Description	Added this field in Security Analytics 10.5.0.1. Enter the description of the rule. RSA suggests that you include the following information in this field. Informational description - purpose of the rule and what problem it monitors. Remediation - steps to take to resolve the condition that triggers the alarm for this rule.
Severity	Select the severity of the rule. Valid values are: Critical High Medium Low
Statistic	Select the statistics you want to check with this rule. Select a: statistical category from the left drop-down list. statistic from the right drop-down list. Note: For Public Key Infrastructure (PKI) policy, select PKI in the category and statistics as any one of the following: - SA Server PKI Certificate Expiration - Displays the time left before the certificate expires. - SA Server PKI CRL Expiration - Displays the time left before the Certificate Revocation List (CRL) expires. - SA Server PKI CRL Status - Displays the current status of the CRL. SA Server PKI Certificate Expiration - Displays the time left before the certificate expires. SA Server PKI CRL Expiration - Displays the time left before the Certificate Revocation List (CRL) expires. SA Server PKI CRL Status - Displays the current status of the CRL. Please refer to the System Stats Browser View for examples of the statistics you may want to check with a rule.
Alarm Threshold	Define the threshold of the rule that will trigger the policy alarm: operator: For Security Analytics 10.5 (=, !=, <, <=, >, or >=) For Security Analytics 10.5.0.1 and later (See Threshold Operators below) amount Note: For CRL expiry the supported format is ddddhhmm, for example: - 10000 represent 1 day - 2359 represent 23 hours and 59 minutes - 10023 represent 1 day and 23 minutes - 3650100 represent 365 days and 1 hour time in minutes
Recovery	Define the when to clear the threshold of the rule: operator: For Security Analytics 10.5 (=, !=, <, <=, >, or >=) For Security Analytics 10.5.0.1 and later (See Threshold Operators below) amount time in minutes
Rule Suppression
	Adds a rule suppression timeframe row.
	Deletes the selected rule suppression timeframe row.
	Select the checkbox to select a rule suppression timeframe row.
Time Zone: time-zone	Displays the Policy time zone. You select the time zone for a policy in the Policy Suppression panel.
Days	Days of the week that you want to suppress the rule according to the time range specified. Click on the day of the week that you want to suppress the rule. You can select any combination of days including all days.
Time Range	Time range during which the rule is suppressed for the days selected.

In Security Analytics 10.5.0.1, RSA added threshold operator support as described in the following Threshold Operators section.

Threshold Operators

The Alarm Threshold and Recovery Threshold fields in the Rules dialog prompt you for either numeric or string operators based on the statistic criteria you specify.

Numeric operators drown-down menu: