Policies Tab
The (CONFIGURE) > Policies view contains two tabs: Configuration and Content.
Below is an example of the Content > Policies tab:
The following table describes the Policies tab.
1 |
By default, 50 policies are displayed per page. To go to the next page, click the next-page icon. To go to the last page, click the last-page icon.
|
2 |
Toolbar:
- Create New - Lets you create a new policy. For more information, see Create a policy.
- Edit - Lets you edit the policy. For more information, see Edit a Policy.
- Publish - Publishes the selected policy or policies.
- More Actions:
  - Assign to Group - Lets you assign a policy to a group.
  - Clone - Lets you clone a policy.
  - Revert to - Lets you view the previous policy versions and revert the policy to any previous version.
    Note:
    - The current version of the policy is disabled.
    - This option is disabled either if no policy is selected or multiple policies are selected.
  - Lets you name a policy version when you revert the policy.
  - Delete - Deletes the selected group or groups permanently.
  - Force Publish - Lets you republish all the content irrespective of the policy status. This option allows you to re-push all content or configurations to all services in the group. Some of the scenarios where you might want to force publish the policy are:
    - There was a service that was down or did not successfully receive content when it was first pushed out.
    - Some content may have been modified or removed locally on a service (outside of CCM control) and you want to re-apply the content from the policy.
|
3 |
Policy List Pane:
- Name - Name of the policy.
- Description - Description of the policy.
- Groups - Lists the group to which this policy is applied.
- Policy Status - Status of the policy. The values are: Published, Unpublished, Failed, N/A.
- Last Updated - Displays the time when the policy was updated.
- Updated By - The user who updated the policy.
You can also sort on any column. If you mouse over a column header, a sort icon is displayed. Click the icon to sort by the selected column.
|
4 |
Policy List - Side Pane:
- Publish Policy - Lets you publish all the unpublished and/or failed content. For more information, see Create a policy.
- Edit Policy - Lets you edit the policy. For more information, see Edit a Policy.
- View Details - Lets you view the complete policy details.
  - Expand the sections Overview, Application Rule, Bundle, Feed, Lua Parser and History to view the details of the policy.
  - The table contains details such as Policy Version, Version Name and Published By.
|
5 |
Policy Details Panel:
Displays the properties of the selected policy.
Toolbar:
- Publish Policy - Lets you publish all the unpublished and/or failed content. For more information, see Create a policy.
- Edit Policy - Lets you edit the policy. For more information, see Edit a Policy.
- Delete Policy - Deletes the selected policy or policies permanently.
- Force Publish - Lets you republish all the content irrespective of the policy status.
Policy Details Pane:
- Order - Order of the content. Click to sort and display the content in ascending order. Click to sort and display the content in descending order. This field is applicable only for the Application Rule and Network Rule tabs.
- Rule Name - Name of the rule. The rule name will be unique. This field is applicable only for the Application Rule and Network Rule tabs.
- Rule Value - The rule value. It is the value written to the alert meta. The rule value can be duplicated: you can clone existing rules with different rule names but the same rule value. This field is applicable only for the Application Rule and Network Rule tabs.
- Name - The content name. This field is applicable only for the Feed, Log Device and Parser tabs.
- Type - The type of parser. For example, Lua Parser or Native Parser. This field is applicable only for the Parser tab.
  Note: The following Native Parsers are now managed through CCM and will be automatically added to the Policy on group addition by default:
  - ALERTS
  - GeoIP
  - VlanGre
  - logparser
  - feedparser
- Medium - Meta data source medium.
- Severity - The severity of the content. For example, Low, Medium, High or Critical. This field is applicable only for the Application Rule and Event Stream Analysis Rule tabs.
- Last Updated - Displays the time when the content was last updated.
- Subscription - Indicates if the content is subscribed or unsubscribed.
- Status - The status of the resource.
- Filter the list of displayed content in the policy details view based on the name, medium, source type, enabled/disabled status, subscription status, severity, resource created date, and last updated date. The following fields are available in the filter panel:
  - Name - If you set the filter option to the Contains operator from the drop-down list and start typing the name of the content rules, a list of content rules that contain those characters is displayed; as you continue to type, the list is filtered to match. If you set the filter option to the Equals operator from the drop-down list and enter the full name, the particular content type is displayed.
  - Medium - Select one or more mediums from the drop-down list. The available options are 'endpoint', 'log', 'log and packet' and 'packet'.
  - Source Type - Select one or more sources from the drop-down list. The available options are 'Custom' and 'Live'.
  - Enabled/Disabled Status - Select one or more statuses from the drop-down list. The available options are 'Enabled' and 'Disabled'. This field is not applicable for the Event Stream Analysis Rule content type.
  - Subscription - Select one or more statuses from the drop-down list. The available options are 'Subscribed' and 'Unsubscribed'.
  - Severity - Select the severity from the drop-down list. The available options are 'Low', 'Medium', 'High' and 'Critical'. This field is applicable only for the Application Rule and ESA content types.
  - Resource Created Date - Select the resource created date range.
  - Last Update Date - Select the last update date range.
- Subscribe - Lets you subscribe to the content if it is unsubscribed.
- Unsubscribe - Lets you unsubscribe from the content if it is subscribed.
- Enable - Lets you enable the content for the policy.
- Disable - Lets you disable the content from the policy.
- Move the content down the order.
- Move the content up the order.
|
Below is an example of the Create Content Policy dialog.
The table describes the information and options in the Create Policy dialog:
Field | Description |
Policy Name | Name of the policy. The name should be unique. |
Policy Description (Optional) | Description of the policy. Description should not exceed 8000 characters. |
Define Policy Settings:
Field | Description |
Available Content |
Displays the available content resources in your deployment. Click to expand the resource type.
The following describes the resource type:
- Name - Name of the resource.
- Medium - Meta data source medium. Available values for medium are as follows:
  - Endpoint: Applied to content that uses meta derived from endpoint agent and endpoint server data
  - Log: Applied to content that uses meta derived from log data
  - Packet: Applied to content that uses meta derived from network packets
  - Log and packet: Applied to content that correlates meta derived across log and packet data
- Created - Displays the time when the resource was created.
- Last Updated - Displays the time when the resource was last updated.
- Action - Click + to add the resource and its dependencies to your deployment.
- Click to add all content based on the resource type.
- Filter the available content based on the following parameters:
  - Resource Types - The resource or the content type.
  - Medium - Meta data source medium. Available values for medium are as follows:
    - Endpoint: Applied to content that uses meta derived from endpoint agent and endpoint server data
    - Log: Applied to content that uses meta derived from log data
    - Packet: Applied to content that uses meta derived from network packets
    - Log and packet: Applied to content that correlates meta derived across log and packet data
  - Resource Created Date - The date on which the content was created.
  - Resource Modified Date - The date on which the content was modified.
  - Reset - Reset the fields.
- Search - Conveniently search the available content.
|
Selected Content |
Lists the selected resource.
Additionally, you can subscribe to the content. Once the content is subscribed, the content resources are updated automatically if there are any changes.
|
Assign to Group:
Group List |
Displays the list of groups associated with the policy. A group is disabled if it is already assigned to another policy.
- Group Name
- Policies
- Services
- Action
|
| Click to create a new group. |
Selected Group | Lists the selected groups. Click to add groups. |
Save and Close | Saves the settings and closes the Create Policy dialog. |
Save and Publish |
Saves and publishes the created policy.
Note: This option is disabled if:
- Policy settings are not customized.
- Policy is not assigned to groups.
|