Guardium®
Insights SaaS provides templates from which you
can create common policies.
Before you begin
StandardPremium This feature is available only in the Standard and Premium editions of
Guardium
Insights SaaS.
To open the Policies page, select Policies in the main menu. Open this menu by clicking the main menu icon ())
Procedure
-
Click Create a policy.
- Select Use a template and then choose the template that suits your
needs.
- Any template that you choose requires you to specify a unique Name
for the policy. Some templates require additional information. For example, the Monitor
common compliance scenarios template requires you to specify which groups the policy
applies to - and it requires that you set up alerts for the policy. After you have completed the
policy creation settings, click Create.
- When the template is loaded, you can see the access and rules that are defined by the
template. You can modify these as desired - or you can add more rules (you can edit or delete any of
the predefined template rules - or you can add more rules). To add an access rule, click
Add an access rule in the Access rules pane. To add an
exception rule, click Add an exception rule in the Exception
rules pane. To add a result-set rule, click Include result-set
rules and then click Add a result-set rule.
- To create a custom rule:
- Enter a unique name for the rule in the Name field.
- Set the rule conditions and the actions that will be taken when the conditions are met. To add
multiple conditions, click Add another condition - and to add multiple
actions, click Add another action.
Note:
- Access rules: Specifying a rule condition is optional. If you do not specify a rule
condition, the action that you choose will apply to all server requests observed by Guardium
Insights SaaS.
- Exception rules: You must set at least one Exception type rule
condition - and, thereafter, adding additional rule conditions is optional. During CCPA policy creation, exception rules use Default
SMTP.
- Result-set rules: You must set at least one Redaction pattern rule
condition and one Replacement character rule. Thereafter, adding additional
rule conditions is optional.
- For all rule types, if you specify a is in group or not in
group condition, you can select an existing group (by default). Alternatively, you can
click the Create a new group toggle to enter a new unique group name in the
field.
- Access rules and Exception rules only: When you have multiple rules defined in one
policy, the same event may meet the rule conditions in multiple rules in the same category. Guardium
Insights SaaS processes rules in the order of rule sequence.
After a rule is matched and its actions are executed, you can choose to continue to subsequent
matched rules by selecting Continue evaluation - or you can choose to stop
the evaluation process by selecting Stop evaluation. The default is to stop
evaluation.
- Choose the Severity that violations of this rule should be assigned.
- Enter or choose one or more tags to assign to the rule. Tags are used when searching for
rules.
- Click OK
- To create a rule from a template:
- Select Use a template.
- Select a template and then complete or modify its settings in the same manner as is described
for creating a custom rule.
- Click Save policy.
Results
When viewing the policy, you can expand individual rules to see
and edit their settings - or you can expand all rules by clicking Expand
rules (to hide the details of each rule, click Collapse
rules).
What to do next
After the policy has been created, you can perform these actions
in the Policies page:
- Each policy (except the default policy) has a menu next to it with these actions:
- Activate/Deactivate: Select this to enable or
disable the policy. When you activate a policy, the Activate policies dialog
box opens. This dialog box allows you to drag and drop all policies into your desired order. When
the policies are in the order that you want, click Activate.
- Copy: Click this to clone the policy. This is the only action that is
available for the default policy.
- Delete: Click this to delete the policy.
- If you select the checkbox next to one or more Risk Events, a banner opens with the actions that
are supported for all selected policies. Click Cancel to deselect policies
and close the banner.
- If you select a policy in the Policies page, it opens in the editor and you can edit its name
and its rules. If the policy that you are editing is already active, you will have the option to
save the policy and activate it again immediately (Save and activate) - or
you can use the Save as option to save the policy as a new inactive
policy.