RSA Governance & Lifecycle Recipes: Rule Telemetry - Types
Originally Published: 2020-12-17
Version: V 7.2.x
Modules: Governance
Product Area: Charts, Multiple Series (Applied to Topic/Rules Dashboard)
Associated Dashboard:
Time to apply: ~30 minutes
Summary
This chart provides key information about type of rules within your environment. The chart uses data found in: avuser.PV_TELEMETRY_DATA. This means the data is always 1 day behind.
The goal of this chart is to understand the types of rules being used within your RSA IGL deployment.
The chart can be used by admins to understand the distribution of rule types.
Example Image (Click to enlarge)
Key Notes
- This chart/report/dashboard is supplied "as is" - any modification of this item is done at your own risk.
- If you have issues applying this chart/report/dashboard, please comment below for help, DO NOT contact the RSA Support team.
- If you would like more assistance with this chart/report/dashboard or for help in creating other chart/report/dashboards, then RSA Professional Services (RSA PS) is available to help.
- Please contact your RSA Account Manager or local RSA Sales Rep or reply below for further assistance.
Details
This chart displays the total types of rules.
As this chart uses the telemetry data found within v7.2x, some of the historical data trends wont be available, if you have upgraded from an older RSA IGL version.
Optional Changes to Dynamic Chart Values
This is how you can configure the chart, so it is useful for how you wish to view the data
- GROUPING: This allows you to group the data and display it based on the following date ranges. For example, you might want to show the data grouped per week, per quarter or per day. This will be up to you and your business needs.
For this chart, the recommendation is to use 'Monthly'You MUST ensure you use a single quote ', either side of the value, for this to work properly in the RSA IGL Chart UI. However, when testing this in SQL Developer, the single quote ' is NOT required.Please copy and paste these values exactly as shown below to change the chart:- 'Daily'
- 'Weekly'
- 'Monthly'
- 'Quarterly'
- 'Yearly'
- TotalDataPoints: This is how many results you want to display. It is a number and doesn't need any quotes. If you set this value to be 7, it would show 7 results. For example if you set "Grouping" to be 'Monthly' then you might want to set "TotalDataPoints" = 6, showing you the results for the past 6 months.
For this chart, the recommendation is to use 6, however it will depending on the screen size you have and how this looks.
We strongly recommend you do not specify too many values for "TotalDataPoints" otherwise it will not display well
Chart SQL
First test this in your query tool (SQLDeveloper, Toad etc..)
(select
tActiveSOD.starttime,
tActiveSOD.value as "SOD",
tActiveAC.value as "Attribute Change",
tActiveUA.value as "User Access",
tActiveTerm.value as "Termination"
from
(
SELECT
TO_CHAR(Tdates.dates, DECODE(trim( :GROUPING ) , 'Daily', 'YYYY-Mon-DD', 'Weekly', 'YYYY - "Week "WW', 'Monthly', 'YYYY - Month', 'Quarterly', 'YYYY - "Q"Q', 'Yearly', 'YYYY')) StartTime,
/*
Use count(t1.value) to count the number of rows based on your filters
Use max(t1.value) to get the maximum value on the specific date
Use sum(t1.value) to get the collective total of values on the specific date
*/
nvl(max(td.value), 0) VALUE
FROM
(
SELECT
CASE
/* if using avuser.PV_TELEMETRY_DATA then change sysdate to be sysdate-1. This is beacuse telemetry is calculated 1 day later */
WHEN :GROUPING = 'Daily' THEN trunc(sysdate-1, 'DD') - (LEVEL-1)
WHEN :GROUPING = 'Weekly' THEN trunc(sysdate-1, 'D') - (7 * (LEVEL-1))
WHEN :GROUPING = 'Monthly' THEN ADD_MONTHS(trunc(sysdate-1, 'MM'),-1 *(LEVEL-1))
WHEN :GROUPING = 'Quarterly' THEN ADD_MONTHS(trunc(sysdate-1, 'Q'),-3 *(LEVEL-1))
WHEN :GROUPING = 'Yearly' THEN ADD_MONTHS(trunc(sysdate-1, 'Y'),-12 *(LEVEL-1))
END dates
FROM
dual
CONNECT BY
LEVEL <= :TotalDataPoints
) Tdates
LEFT JOIN avuser.PV_TELEMETRY_DATA td
on td.CATEGORY = 'rules'
AND td.NAME =('activerules.Segregation of Duties.total')
/*
Use = to get values at the exact dates.
Use <= to get values on or before the exact date
*/
AND trunc(td."DAY", DECODE(:GROUPING ,'Daily','DD','Weekly','D','Monthly','MM','Quarterly','Q','Yearly','Y')) = Tdates.dates
GROUP BY Tdates.dates
ORDER BY Tdates.dates ASC
) tActiveSOD
left join
(
SELECT
TO_CHAR(Tdates.dates, DECODE(trim( :GROUPING ) , 'Daily', 'YYYY-Mon-DD', 'Weekly', 'YYYY - "Week "WW', 'Monthly', 'YYYY - Month', 'Quarterly', 'YYYY - "Q"Q', 'Yearly', 'YYYY')) StartTime,
/*
Use count(t1.value) to count the number of rows based on your filters
Use max(t1.value) to get the maximum value on the specific date
Use sum(t1.value) to get the collective total of values on the specific date
*/
nvl(max(td.value), 0) VALUE
FROM
(
SELECT
CASE
/* if using avuser.PV_TELEMETRY_DATA then change sysdate to be sysdate-1. This is beacuse telemetry is calculated 1 day later */
WHEN :GROUPING = 'Daily' THEN trunc(sysdate-1, 'DD') - (LEVEL-1)
WHEN :GROUPING = 'Weekly' THEN trunc(sysdate-1, 'D') - (7 * (LEVEL-1))
WHEN :GROUPING = 'Monthly' THEN ADD_MONTHS(trunc(sysdate-1, 'MM'),-1 *(LEVEL-1))
WHEN :GROUPING = 'Quarterly' THEN ADD_MONTHS(trunc(sysdate-1, 'Q'),-3 *(LEVEL-1))
WHEN :GROUPING = 'Yearly' THEN ADD_MONTHS(trunc(sysdate-1, 'Y'),-12 *(LEVEL-1))
END dates
FROM
dual
CONNECT BY
LEVEL <= :TotalDataPoints
) Tdates
LEFT JOIN avuser.PV_TELEMETRY_DATA td
on td.CATEGORY = 'rules'
AND td.NAME =('activerules.Attribute Change.total')
/*
Use = to get values at the exact dates.
Use <= to get values on or before the exact date
*/
AND trunc(td."DAY", DECODE(:GROUPING ,'Daily','DD','Weekly','D','Monthly','MM','Quarterly','Q','Yearly','Y')) = Tdates.dates
GROUP BY Tdates.dates
ORDER BY Tdates.dates ASC
) tActiveAC
on tActiveSOD.StartTime = tActiveAC.starttime
left join
(
SELECT
TO_CHAR(Tdates.dates, DECODE(trim( :GROUPING ) , 'Daily', 'YYYY-Mon-DD', 'Weekly', 'YYYY - "Week "WW', 'Monthly', 'YYYY - Month', 'Quarterly', 'YYYY - "Q"Q', 'Yearly', 'YYYY')) StartTime,
/*
Use count(t1.value) to count the number of rows based on your filters
Use max(t1.value) to get the maximum value on the specific date
Use sum(t1.value) to get the collective total of values on the specific date
*/
nvl(max(td.value), 0) VALUE
FROM
(
SELECT
CASE
/* if using avuser.PV_TELEMETRY_DATA then change sysdate to be sysdate-1. This is beacuse telemetry is calculated 1 day later */
WHEN :GROUPING = 'Daily' THEN trunc(sysdate-1, 'DD') - (LEVEL-1)
WHEN :GROUPING = 'Weekly' THEN trunc(sysdate-1, 'D') - (7 * (LEVEL-1))
WHEN :GROUPING = 'Monthly' THEN ADD_MONTHS(trunc(sysdate-1, 'MM'),-1 *(LEVEL-1))
WHEN :GROUPING = 'Quarterly' THEN ADD_MONTHS(trunc(sysdate-1, 'Q'),-3 *(LEVEL-1))
WHEN :GROUPING = 'Yearly' THEN ADD_MONTHS(trunc(sysdate-1, 'Y'),-12 *(LEVEL-1))
END dates
FROM
dual
CONNECT BY
LEVEL <= :TotalDataPoints
) Tdates
LEFT JOIN avuser.PV_TELEMETRY_DATA td
on td.CATEGORY = 'rules'
AND td.NAME =('activerules.User Access.total')
/*
Use = to get values at the exact dates.
Use <= to get values on or before the exact date
*/
AND trunc(td."DAY", DECODE(:GROUPING ,'Daily','DD','Weekly','D','Monthly','MM','Quarterly','Q','Yearly','Y')) = Tdates.dates
GROUP BY Tdates.dates
ORDER BY Tdates.dates ASC
) tActiveUA
on tActiveSOD.StartTime = tActiveUA.starttime
left join
(
SELECT
TO_CHAR(Tdates.dates, DECODE(trim( :GROUPING ) , 'Daily', 'YYYY-Mon-DD', 'Weekly', 'YYYY - "Week "WW', 'Monthly', 'YYYY - Month', 'Quarterly', 'YYYY - "Q"Q', 'Yearly', 'YYYY')) StartTime,
/*
Use count(t1.value) to count the number of rows based on your filters
Use max(t1.value) to get the maximum value on the specific date
Use sum(t1.value) to get the collective total of values on the specific date
*/
nvl(max(td.value), 0) VALUE
FROM
(
SELECT
CASE
/* if using avuser.PV_TELEMETRY_DATA then change sysdate to be sysdate-1. This is beacuse telemetry is calculated 1 day later */
WHEN :GROUPING = 'Daily' THEN trunc(sysdate-1, 'DD') - (LEVEL-1)
WHEN :GROUPING = 'Weekly' THEN trunc(sysdate-1, 'D') - (7 * (LEVEL-1))
WHEN :GROUPING = 'Monthly' THEN ADD_MONTHS(trunc(sysdate-1, 'MM'),-1 *(LEVEL-1))
WHEN :GROUPING = 'Quarterly' THEN ADD_MONTHS(trunc(sysdate-1, 'Q'),-3 *(LEVEL-1))
WHEN :GROUPING = 'Yearly' THEN ADD_MONTHS(trunc(sysdate-1, 'Y'),-12 *(LEVEL-1))
END dates
FROM
dual
CONNECT BY
LEVEL <= :TotalDataPoints
) Tdates
LEFT JOIN avuser.PV_TELEMETRY_DATA td
on td.CATEGORY = 'rules'
AND td.NAME =('activerules.Provisioning - Termination.total')
/*
Use = to get values at the exact dates.
Use <= to get values on or before the exact date
*/
AND trunc(td."DAY", DECODE(:GROUPING ,'Daily','DD','Weekly','D','Monthly','MM','Quarterly','Q','Yearly','Y')) = Tdates.dates
GROUP BY Tdates.dates
ORDER BY Tdates.dates ASC
) tActiveTerm
on tActiveSOD.StartTime = tActiveTerm.starttime
)
Example of the results:
Chart Implementation
- Log into RSA IGL as a user who can create charts. In my example, im using AveksaAdmin
- Go to "Reports" / "Charts"
- Select "+ Create Chart" button
- Under the "General Tab" add the following details:
- Name: Telemetry - Rule Types
- Description: From RSA IGL Link Community. This chart provides information on the types of rules within the enviroment. This chart uses data from avuser.PV_TELEMETRY_DATA which is collected nightly, so the data is always 1 day behind.
- Type = Multiple Series Chart
- Under the "Query" Tab, copy the SQL from above
- Update the 2 dynamic values as noted above, recommendation:
Grouping: 'Monthly'
TotalDataPoints: 6 - Press the "Preview" button, you should see some results, as per the example image below.
If you get an error at this stage, please test your SQL in a Query tool, like "SQL Developer" or "SQL Squirrel" to ensure it works first. If it still doesn't work, please share your SQL and a screen shot of the issue below. DO NOT contact RSA Support
- Under the "Columns" Tab, please use the configuration shown in the image below.
Notes:
- You can update the display name if you need
- You can also manually specify a colour for each value if you require
- Under the "Display Attributes" tab, you should select "Stacked Column 2D". Please also apply these settings, however you can update the wording with what is best for you.
- Under "Title and Axis Names"
- Caption: Rule Types
- X Axis Name: Date
- Y Axis Name: Total
- Under "Functional attributes"
- Select "Animation" = ticked
- Select "Show Labels" = ticked
- Under "Title and Axis Names"
There are MANY other "display attributes" you can play with on this screen, so please update and make changes as you see fit.
