Sys Maintenance: Manage Policies

Document created by RSA Information Design and Development on Sep 14, 2017Last modified by RSA Information Design and Development on Oct 13, 2017
Version 10Show Document
  • View in full screen mode
  

Policies are either user-defined or supplied by RSA. A policy defines:

  • Services and hosts to which the policy applies.
  • Rules that specify statistical thresholds that govern alarms.
  • When to suppress the policy.
  • Who to notify when an alarm triggers and when to notify them.

For the related reference topics, see NetWitness Suite Out-of-the-Box Policies

Note: You can now configure a policy to notify Public Key Infrastructure (PKI) certificate expiration status.

Add a Policy

  1. Go to ADMIN > Health & Wellness.
  2. Click Policies tab.

    The Policies view is displayed.

  3. Click in the Policies panel.

    A list of your hosts and services displays for which you can create health policies.

    Add Policy drop-down menu

  4. Select a host or service (for example, Concentrator).
    For PKI policy, you must select a host (for example, Host).
    The host or service is displayed in the Policies panel with a blank Policy Detail panel.

    New policy

  5. Enter a name for the Policy (for example, Concentrator Policy Status) in the Policies panel.

    Name the policy

    The name (for example, Concentrator Policy Status) is now displayed as the policy name in Policy Detail panel.

  6. Create a Policy in the Policy Detail panel:

    1. Select the Enable checkbox.
    2. Add relevant services (in this example, any relevant Concentrator services) that you want to monitor for health statistics.
      For PKI policy, you must select the LOCALHOST to monitor for health statistics.

    3. Add relevant rule conditions you want to configure for the policy.
    4. Suppress enforcement of the policy for the time periods you want.
    5. Add any email notifications you want for the policy.
    6. Click Save in the Policy Detail panel.

      The Policy is added.

       

Add Policy Example

Below is the high-level example for configuring PKI policy:

  1. Add a new PKI policy.

  2. Add a Rule with Statistics:

    • For CA Expiration

      Statistics for CA Expiration

    • For CRL Expiration

      Statistics for CRL Expiration

    • For CRL Status

      Statistics for CRL status

    • For Server Certificate Expiration

      Statistics for Server Certificate expiration

Edit a Policy

  1. Go to ADMIN > Health & Wellness.
  2. Click the Policies tab.

    The Policies view is displayed.

  3. Select a policy (for example, Concentrator Policy Status) under a host or service.

    The Policy Detail is displayed.

  4. Click Edit icon.

    The policy name (for example, Admin Server Monitoring Policy) and policy detail panel become editable.

  5. Make the required changes and click Save in the Policy Detail panel. You can:

    • Edit the Policy name.
    • Enable or disable the policy.
    • Add or delete hosts and services in the policy.
    • Add, delete or modify rules in the policy.
    • Add/Edit/Delete suppressions in the policy.
    • Add/Edit/Delete notifications in the policy.

Note: Save applies the policy rules based on the selection of enable/disable. It also resets the rule condition timers for changed rules, and the entire Policy.

Duplicate a Policy

  1. Go to ADMIN > Health & Wellness.
  2. Click the Policies tab.
  3. Select a policy (for example, Concentrator Policy Status) under a host or service.
  4. Click Duplicate icon.NetWitness Suite copies the policy and lists it with (1) appended to the original policy's name.

  5. Click Edit icon and rename the Policy [for example, rename Decoder Monitoring Policy(1) to New Concentrator Policy Status.

Note: A duplicated policy is disabled by default and the host and service assignments are not duplicated. Assign any relevant hosts and services to the duplicated policy before you use it to monitor health and wellness of the NetWitness Suite infrastructure.

Assign Services or Groups

To assign hosts or services to a policy:

  1. Go to ADMIN > Health & Wellness.
  2. Click the Policies tab.

    The Policies view is displayed.

  3. Select a policy (for example, First Policy) under a host or service.

    The Policy Detail is displayed.

  4. Click Add icon in the Services and Groups list toolbar.
  5. Choose one of the following actions:

    • For Hosts, select Groups or Hosts from the selection menu.
    • For Services, select Groups or Services from the selection menu.
  6. Depending on whether you are assigning services or groups, perform one of the following actions:

    • Groups, the Groups dialog is displayed from which you can select predefined groups of hosts or services.

      Groups dialog

    •  Services, the Services dialog is displayed from which you can select individual services.

      Services dialog

  7. Select the checkbox next to the groups or services you want to assign to the policy, click Select in the dialog, and click Save in the Policy Detail panel.

Note: Services are filtered for selection based on the type of policies. For example, you can only select concentrator services for a concentrator type policy.

Remove Services or Groups

To remove a host or service from a policy:

  1. Go to ADMIN > Health & Wellness.
  2. Click Policies tab.

    The Policies view is displayed.

  3. Select a policy under a service.

    The Policy Detail is displayed.

  4. Select a host or service.
  5. Click Delete.

    The host or service is removed from the policy.

Add or Edit a Rule

To add a rule to a policy:

  1. Go to ADMIN > Health & Wellness.
  2. Click the Policies tab.

    The Policies view is displayed.

  3. Select a policy (for example, Checkpoint) under a host or service.

    The Policy Detail is displayed.

  4. Depending on whether you are adding an existing rule or adding a rule, do the following:

    • To add: click Add icon in the Rules list toolbar.
    • To edit: select a rule from the Rules list and click Edit.
  5. Complete the dialog to define or update the rule.

  6. Add the Description field as shown in the following example.

    Add Rule with description added

  7. Click OK.

    The rule is added (or updated) to the policy.

Hide or Show Rule Conditions Columns

To hide or show rule conditions columns in the Rules panel:

  1. Go to ADMIN > Health & Wellness.
  2. Click Policies tab.

    The Policies view is displayed.

  3. Select a policy under a service.

    The Policy Detail is displayed.

  4. Go to the Rules panel.

    Rules panel

  5. Click v to the right of Category , select Columns, and uncheck the Static and Threshold rule conditions.

    You can check or uncheck any Rules column to show or hide it. 
    The Rules panel displays without the rule conditions.

Delete a Rule

To remove a host or service from a policy:

  1. Go to ADMIN > Health & Wellness.
  2. Click the Policies tab.
    The Policies view is displayed.
  3. Select a policy under a service.
    The Policy Detail is displayed.
  4. Select a rule from the Rules list (for example, Checkpoint).
  5. Click Delete.
    The rule is removed from the policy.

Suppress a Rule

  1. Click the Policies tab.
    The Policies view is displayed.
  2. Select a policy under a service.
    The Policy Detail is displayed. You can specify rule suppressions time ranges when you initially add it or you can edit the rule and specify suppression time ranges.
  3. Add or edit a rule.
  4. In the Rules Suppression panel of the Add or Edit Rule dialog, specify the days and time ranges during which you want the rule suppressed.

Suppress a Policy

  1. Add or edit a policy.
    The Policies view is displayed.
  2. In the Policy Suppression panel:
    1. Select a time zone from the Time Zone drop-down list.
      This time zone applies to the entire policy (both policy suppression and rule suppression). 
    2. Click  Add in the toolbar.
    3. Specify the days and time ranges during which you want the policy suppressed.

Add an Email Notification

To add an email notification to a policy:

  1. Add or edit a policy.
    The Policies view is displayed.
  2. In the Notification panel:
    • Click  Add in the toolbar.
      A blank EMAIL notification row is displayed.
    • Select the email:
      • Notification types in the Recipient column (see Configure Notification Outputs in the NetWitness Suite System Configuration Guide for the source of the values in this drop-down list).
      • Notification server in the Notification Server column (see Configure Notification Servers in the NetWitness Suite System Configuration Guide for the source of the values in this drop-down list).
      • Template server in the Template column (see Configure Notification Templates in the NetWitness Suite System Configuration Guidefor the source of the values in this drop-down list).

Note: Refer to Include the Default Email Subject Line if you want to include the default Email subject line from the Health & Wellness template in your Health & Wellness Email notifications for specified recipients.

Delete an Email Notification

To add an email notification to a policy:

  1. Add or edit a policy.
    The Policies view is displayed.
  2. In the Notification panel:
  1. Select an email notification.
  2. Click Delete.
    The notification is removed.
You are here
Table of Contents > Monitoring Health and Wellness of NetWitness Suite > Manage Policies

Attachments

    Outcomes