Policies View

The required permission to access this view is Manage services.

What do you want to do?

Role | I want to ... | Show me how
Administrator | View the policies NetWitness Server and Services | Manage Policies
Administrator | Add, Edit, Duplicate, and Delete Policies | Manage Policies

Quick Look

The figure depicts the Policies view.


1 Policies Panel
2 Policy Detail Panel
  1. Go to [Admin icon] (Admin) > Health & Wellness.
  2. Click the Policies tab.

Policies Panel

In the Policies panel, you can add or delete policies for hosts and services.

Feature Description
[Add drop-down icon] Displays available service types to create a new policy. Select one so that you can define a policy or policies for it.
[Delete icon] Deletes the selected policy from the Policies panel. You can only delete one policy at a time.
[Edit icon] Allows you to change the name of the policy.
[Duplicate icon] Creates a copy of the selected policy. For example, if you select First Policy and click [Duplicate icon], NetWitness creates a copy of this policy and names it First Policy (1).
[Expand icon] Expands the list of policies under the services and hosts in the Policies panel.
[Collapse icon] Contracts the list of policies under the services and hosts in the Policies panel.

List of:

  • Services and hosts for which you have defined policies.
  • NetWitness standard policies that you can apply to hosts and services.

Policy Detail Panel

The Policy Detail panel displays the policy selected from the Policies panel.

Feature Description
Save Saves any changes you made in this panel.
Policy Type Displays the type of policy you selected.
Modified Date Displays the last date this policy was modified.
[Checkbox] Enable Enables or disables the policy.

Displays menu in which you select:

  • Groups to display the Groups dialog from which you select service groups to add to this policy.
  • Service/Host to display the Services/Hosts dialog from which you select services to add to this policy. If the policy type is Host, the menu displays Host (and not Service). You can select services based on policy type.
[Delete icon] Deletes the selected service or group from this policy.
[Add icon] Displays the Add Rule dialog in which you define a rule for this policy.
[Delete icon] Deletes the selected rule from this policy.
[Edit icon] Displays the Edit Rule dialog for the selected rule.
Policy Suppression
[Add icon] Adds a policy suppression timeframe row.
[Delete icon] Deletes the selected policy suppression timeframe row.
Time Zone Selects the time zone for the Policy from the drop-down list. This time zone applies to both Policy Suppression and Rule Suppression.
[Checkbox] Selects the checkbox to select a policy suppression timeframe row.
Days Days of the week that you want to suppress the policy according to the time range specified. Click on the day of the week that you want to suppress the policy. You can select any combination of days including all days.
Time Range Time range during which the policy is suppressed for the days selected.
[Add icon] Adds an EMAIL notification row.
[Delete icon] Deletes the selected policy suppression timeframe row.
Notification Settings Opens the Notification Servers view in which you can define the Email notification settings.
[Checkbox] Selects a policy suppression time frame row.

The type of notification defined on the Global Notifications page. Can be email, SNMP, Syslog, or Script.


The name of the person receiving the notification.

Notification Server Selects the EMAIL notification server. See "Configure Notification Servers" in the System Configuration Guide for the source of the values in this drop-down list.

Selects the Template for this EMAIL notification. NetWitness provides the Health & Wellness Default SMTP Template and the alarms template. See "Configure Notification Templates" in the System Configuration Guide for the source of the other values in this drop-down list.

Note: Refer to Include the Default Email Subject Line if you want to include the default Email subject line from the Health & Wellness template in your Health & Wellness Email notifications for specified recipients.

Groups dialog

Feature Description
Groups panel

Displays the service groups you have defined. You can select:

  • All to display all your services in the Services panel.
  • A group to display the services that comprise that group in the Services panel.
Services panel
Name Displays the name of the service.
Host Displays the host on which the service is running.
Type Displays the type of service.

Rules Dialog

Feature Description
[Checkbox] Enable

Enables or disables the rule for this policy.

Name Describes the name of the rule.

Describes the rule. Include the following information in this field.

  • Informational description - purpose of the rule and what problem it monitors.

  • Remediation - steps to take to resolve the condition that triggers the alarm for this rule.


Defines the severity of the rule. Valid values are:

  • Critical
  • High
  • Medium
  • Low

Defines the statistics you want to check with this rule. You can select:

  • Statistical category from the left drop-down list.
  • Statistic from the right drop-down list.

Note: For a Public Key Infrastructure (PKI) policy, select PKI as the category and any one of the following as the statistic:
- NetWitness Server PKI Certificate Expiration - Displays the time left before the certificate expires.
- NetWitness Server PKI CRL Expiration - Displays the time left before the Certificate Revocation List (CRL) expires.
- NetWitness Server PKI CRL Status - Displays the current status of the CRL.

Refer to the System Stats Browser View for examples of the statistics you may want to check with a rule.

Alarm Threshold

Defines the threshold of the rule that triggers the policy alarm:

  • Amount

    Note: For CRL expiry the supported format is ddddhhmm, for example:
    - 10000 represents 1 day
    - 2359 represents 23 hours and 59 minutes
    - 10023 represents 1 day and 23 minutes
    - 3650100 represents 365 days and 1 hour

  • Time in minutes
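
The ddddhhmm amount format in the note above, as an added example (not NetWitness code): a Python helper that builds and parses CRL-expiry threshold amounts so that a value such as 2400 is caught before it is typed into a rule. The function names and the range checks (hours 0-23, minutes 0-59, at most four day digits) are assumptions of this example.

```python
"""Build and parse ddddhhmm CRL-expiry threshold amounts (added example)."""


def encode_ddddhhmm(days=0, hours=0, minutes=0):
    """Return the integer amount: day digits, then 2 hour digits, then 2 minute digits."""
    if not (0 <= days <= 9999 and 0 <= hours <= 23 and 0 <= minutes <= 59):
        raise ValueError("expected days 0-9999, hours 0-23, minutes 0-59")
    return days * 10000 + hours * 100 + minutes


def decode_ddddhhmm(amount):
    """Split an amount into (days, hours, minutes); reject impossible fields."""
    text = str(amount).strip()
    if not (text.isascii() and text.isdigit()) or len(text) > 8:
        raise ValueError(f"not a ddddhhmm amount: {amount!r}")
    days, rest = divmod(int(text), 10000)   # everything above the last 4 digits
    hours, minutes = divmod(rest, 100)      # hh and mm are the last 4 digits
    if hours > 23 or minutes > 59:
        # Assumption of this example: such values are treated as input errors.
        raise ValueError(f"hour/minute field out of range in {amount!r}")
    return days, hours, minutes


def total_minutes(amount):
    """Convert an amount to minutes, e.g. to compare two thresholds."""
    days, hours, minutes = decode_ddddhhmm(amount)
    return (days * 24 + hours) * 60 + minutes


if __name__ == "__main__":
    # The four amounts listed in the note, plus two constructed bad inputs.
    for sample in (10000, 2359, 10023, 3650100, 2400, 1075):
        try:
            d, h, m = decode_ddddhhmm(sample)
            print(f"{sample:>8}: {d} d {h} h {m} min = {total_minutes(sample)} min")
        except ValueError as err:
            print(f"{sample:>8}: rejected ({err})")
```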

Defines when to clear the threshold of the rule:

  • Operator

  • Amount
  • Time in minutes
Rule Suppression
[Add icon] Adds a rule suppression timeframe row.
[Delete icon] Deletes the selected rule suppression time frame row.
[Checkbox] Selects a rule suppression time frame row.
Time Zone: time-zone Displays the Policy time zone. You select the time zone for a policy in the Policy Suppression panel.
Days Defines days of the week that you want to suppress the rule according to the time range specified. Click on the day of the week that you want to suppress the rule. You can select any combination of days including all days.
Time Range Defines the time range during which the rule is suppressed for the days selected.

Threshold Operators

The Alarm Threshold and Recovery Threshold fields in the Rules dialog prompt you for either numeric or string operators based on the statistic criteria you specify.

[Image: Numeric operators drop-down menu]
[Image: String operators drop-down menu]