Creating a FAM policy rule from the Investigative Dashboard Entitlements tab

You can use the monitored data, such as datasource names, user names, actions, and file paths, in the Investigation Dashboard Results Table to create policy rules.

Before you begin

Procedure

  1. Choose File from the dropdown list in the product banner and click the search icon to open the Investigation Dashboard for file data.
  2. Open the Results Table Entitlements tab. Click Details to see individual entries.
  3. Choose one or more entries in the results that you want to use to populate a rule. You can use the Select all check box to include all the entries that are currently displayed (not all the entries in the database).
  4. Right-click and choose Add Policy Rule.
    The Build Rule dialog opens with values from the entries that you selected. If you selected multiple entries, a group is created that contains the values from those entries. You can create a rule that is to be added to an existing policy, or create a new policy that includes your new rule.
    Note: An overly broad rule (a rule that monitors too many files) can overload the system and increase processing and response time.
    Note: A FAM rule can have more than one pattern in it. To protect both a directory and its contents, define a rule with two patterns /FAMtest/* and /FAMtest.
    Note: When using a FAM policy, using a group to define monitored file paths requires consideration of case sensitivity; otherwise the group cannot be created successfully. The workaround is to create two different FAM policy rules. Clarification: if the strings defined as members of the group are different when case is ignored, the group can be created successfully. For example: 1. C:\ABC 2. C:\abcdef. If the strings defined as members of the group are the same when case is ignored, the group cannot be created. For example: 1. C:\ABC 2. C:\abc. So it is not required to enter members in all uppercase or all lowercase characters. Group builder is not case sensitive. However, in UNIX, which is case sensitive, the path /IBM/Guardium is different from the path /ibm/guardium. If you want to monitor both of these paths, this Group builder limitation applies: the two paths cannot be members of the same group, so use the workaround of two separate FAM policy rules.
  5. Choose datasources, actions, and criteria. Overwrite any values that you want to change. Click Edit to modify each field.
  6. To create a new policy and install it, click Create and Install. To create the policy but not install it, click OK.
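
The notes in step 4 can be checked before you select entries. The following added example (not part of the product or its documentation) splits a list of candidate paths into groups that contain no two members equal when case is ignored, one group per FAM policy rule, and builds the two patterns for a directory and its contents. The function names are hypothetical, and the comparison assumes that Group builder ignores case the way Python's casefold() does.

```python
from collections import defaultdict


def dir_patterns(directory):
    """Return the two patterns that cover a directory and its contents."""
    sep = "\\" if "\\" in directory else "/"
    base = directory.rstrip(sep) or sep
    contents = base + "*" if base.endswith(sep) else base + sep + "*"
    return [base, contents]


def plan_groups(paths):
    """Split paths so that no group holds two members that differ only by case.

    Each returned list is intended for its own group and FAM policy rule.
    Assumption: case is ignored as with str.casefold().
    """
    buckets = defaultdict(list)
    for path in paths:
        key = path.casefold()
        if path not in buckets[key]:  # drop exact duplicates
            buckets[key].append(path)

    groups = []
    for variants in buckets.values():
        # The i-th case variant of a path goes into the i-th group.
        for i, variant in enumerate(variants):
            if i == len(groups):
                groups.append([])
            groups[i].append(variant)
    return groups


if __name__ == "__main__":
    # Constructed sample input based on the paths named in the notes.
    candidates = ["/IBM/Guardium", "/ibm/guardium", "/FAMtest"]
    for number, members in enumerate(plan_groups(candidates), start=1):
        print(f"rule {number}: {members}")
    print(dir_patterns("/FAMtest"))
```

More than one returned group means that the paths need more than one rule, which matches the workaround in the note.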