Use the following procedure to create your own custom policies.
Before you begin
To open the Policies page, select Policies in the main menu. Open this menu by clicking the main menu icon.
Procedure
- Click Create a policy.
- By default, the Create a custom policy tab is selected. In this
tab, enter a unique Name for the policy and then click
Create.
- You can add access rules, exception rules, and result-set (extrusion) rules. To add an
access rule, click Add an access rule in the Access
rules pane. To add an exception rule, click Add an exception rule
in the Exception rules pane. To add a result-set rule, click
Include result-set rules and then click Add a result-set
rule.
- To create a custom rule:
  - Enter a unique name for the rule in the Name field.
  - Set the rule conditions and the actions that will be taken when the conditions are met. To add
    multiple conditions, click Add another condition. To add multiple actions, click Add another
    action.
    Note:
    - Access rules: Specifying a rule condition is optional. If you do not specify a rule
      condition, the action that you choose will apply to all server requests observed by
      Guardium® Insights.
    - Exception rules: You must set at least one Exception type rule condition. Thereafter,
      adding additional rule conditions is optional. During CCPA policy creation, exception
      rules use Default SMTP.
    - Result-set rules: You must set at least one Redaction pattern rule condition and one
      Replacement character rule. Thereafter, adding additional rule conditions is optional.
    - For all rule types, if you specify an is in group or not in group condition, you can
      select an existing group (by default). Alternatively, you can click the Create a new
      group toggle to enter a new unique group name in the field.
    - Access rules and Exception rules only: When you have multiple rules defined in one
      policy, the same event may meet the rule conditions in multiple rules in the same
      category. Guardium Insights processes rules in the order of rule sequence. After a rule
      is matched and its actions are executed, you can choose to continue to subsequent
      matched rules by selecting Continue evaluation, or you can choose to stop the
      evaluation process by selecting Stop evaluation. The default is to stop evaluation.
  - Choose the Severity that violations of this rule should be assigned.
  - Enter or choose one or more tags to assign to the rule. Tags are used when searching for
    rules.
  - Click OK.
- To create a rule from a template:
  - Select Use a template.
  - Select a template and then complete or modify its settings in the same manner as
    described for creating a custom rule.
- To modify any rules that you have added, click the Edit link next
to it and then edit the rule as desired. To remove a rule, click the Delete
link next to it.
- Click Save policy to create the policy.
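The note on rule sequence above has a practical consequence: an access rule with no condition that keeps the default Stop evaluation setting prevents every later rule in the same category from firing. The following is an added example, a simplified model written for this page and not Guardium Insights code; the rule names, action labels and event fields are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Rule:
    name: str
    action: str  # hypothetical action label, e.g. "LOG" or "ALERT"
    conditions: dict = field(default_factory=dict)  # empty = matches every request
    continue_evaluation: bool = False  # per the page, the default is to stop evaluation

    def matches(self, event):
        # Every condition must hold; a rule without conditions matches everything.
        return all(event.get(k) in allowed for k, allowed in self.conditions.items())


def evaluate(rules, event):
    """Return (rule name, action) pairs fired for one event, in rule-sequence order."""
    fired = []
    for rule in rules:
        if rule.matches(event):
            fired.append((rule.name, rule.action))
            if not rule.continue_evaluation:
                break  # Stop evaluation: later rules are never consulted
    return fired


def shadowed_rules(rules):
    """Names of rules that can never fire because an earlier unconditional rule stops evaluation."""
    for i, rule in enumerate(rules):
        if not rule.conditions and not rule.continue_evaluation:
            return [r.name for r in rules[i + 1:]]
    return []


# Constructed sample policy and event (not taken from a real deployment)
POLICY = [
    Rule("log-everything", "LOG"),
    Rule("alert-on-admin", "ALERT", {"db_user": {"admin", "root"}}),
]
EVENT = {"db_user": "admin", "verb": "SELECT"}

if __name__ == "__main__":
    print(evaluate(POLICY, EVENT))   # only the first rule fires
    print(shadowed_rules(POLICY))    # the alert rule is unreachable
```

Moving the narrower rule ahead of the catch-all rule, or selecting Continue evaluation on the catch-all rule, makes both rules reachable in this model.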
Results
When viewing the policy, you can expand individual rules to see
and edit their settings - or you can expand all rules by clicking Expand
rules (to hide the details of each rule, click Collapse
rules).
What to do next
After the policy has been created, you can perform these actions
in the Policies page:
- Each policy (except the default policy) has a menu next to it with these actions:
  - Activate/Deactivate: Select this to enable or disable the policy. When you activate a
    policy, the Activate policies dialog box opens. This dialog box allows you to drag and
    drop all policies into your desired order. When the policies are in the order that you
    want, click Activate.
  - Copy: Click this to clone the policy. This is the only action that is available for the
    default policy.
  - Delete: Click this to delete the policy.
- If you select the checkbox next to one or more Risk Events, a banner opens with the actions that
are supported for all selected policies. Click Cancel to deselect policies
and close the banner.
- If you select a policy in the Policies page, it opens in the editor and you can edit its name
and its rules. If the policy that you are editing is already active, you will have the option to
save the policy and activate it again immediately (Save and activate) - or
you can use the Save as option to save the policy as a new inactive
policy.