Working with Classification Rule Actions

Procedure

  1. After a rule has been saved, click the (Customize) button for that rule to return to the rule definition panel, from which you can add one or more rule actions.
  2. Click the New Action button to open the Action panel.
  3. Enter an Action Name.
  4. Optionally enter a Description.
  5. Select an Action Type from the list. Depending on the action selected, a different set of fields will appear on the panel.
    • For the Ignore and Log Result actions, no additional information is needed.
      • Ignore - Do not log the match, and take no additional actions.
      • Log Result - Log the match, and take no additional actions.
    • For all other actions, additional fields will appear on the panel, and you will have to enter additional information.
      • Add To Group Of Object-Fields Action
      • Add To Group Of Objects Action
      • Create Access Rule Action
      • Create Privacy Set Action
      • Log Policy Violation Action
      • Send Alert Action
  6. After actions have been added to the Classification Rule panel, the controls in the table can be used to modify the actions defined.
  7. Click Accept when you are done working with the rule definition.

Add to Group of Object Fields Action

About this task

Each time the classification rule is matched, a member will be added to the selected Object-Field group on the Guardium system. You have the option of replacing all members, or adding new members.

For a database file, the object component of the member will be the database table name, and the field component will be the column name.

For an unstructured data file, the object component of the member will be the file name (in quotes), and the field component will be the column name, but if column names cannot be determined, the columns will be named column1, column2, etc.

Procedure

  1. Do one of the following:
    • Select an Object-Field Group from the list, or
    • Click the Groups button, define a new group using the Group Builder, and then select that group from the list.
  2. Optionally mark the Replace Group Content box to completely replace the membership of the selected group with members returned by this rule. By default, this box is not marked, which means that new members will be added to the group, but no members will be deleted. For a job that is run on demand, this box is ignored, and you are given the opportunity to add or replace members on the view results panel.
  3. Click the Save button to add the action to the rule definition, close the Action panel, and return to the rule definition panel.

Add to Group of Objects Action

About this task

Each time the classification rule is matched, a member will be added to the selected Object group on the Guardium system.

For a database file type, the member will be the database table name. For an unstructured file type, the member name will be the file name.

You have the option of replacing all entries, or only adding new entries.

Procedure

  1. Do one of the following:
    • Select an Object Group from the list, or
    • Click the Groups button, define a new group using the Group Builder, and then select that group from the list.
      Note: To use aliases with groups generated by the Classifier, open the Group Builder, select the Object group generated by the Classifier, and then click Modify. Click the Aliases button to change the name of the Object Group.
  2. Optionally mark the Replace Group Content box to completely replace the membership of the selected group with members returned by this rule. By default, this box is not marked, which means that new members will be added to the group, but no members will be deleted. For a job that is run on demand, this box is ignored, and you are given the opportunity to add or replace members on the view results panel.
  3. From the Actual Member Content list, select the naming convention that will be used when adding the member to the group, where 'Full' is the schema.tablename and 'Name' is the tablename.
  4. Click Save to add the action to the rule definition, close the Action panel, and return to the rule definition panel.
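
The following sketch is an added example, not Guardium code or an IBM API. It models how the two group actions above name their members and how the Replace Group Content box changes the resulting membership. The Match class, the function names, the tuple representation of an object-field member, and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Sequence

@dataclass(frozen=True)
class Match:
    """One classification rule match (hypothetical model, not a Guardium type)."""
    source_type: str              # "database" or "unstructured"
    container: str                # table name, or file name for unstructured data
    column: Optional[str]         # None when the column name cannot be determined
    position: int = 1             # 1-based column position, used for the fallback name
    schema: Optional[str] = None  # database schema, used by the 'Full' convention

def object_field_member(m: Match) -> tuple:
    """Object-Field member as (object, field), following the naming rules above."""
    obj = m.container if m.source_type == "database" else f'"{m.container}"'
    field = m.column if m.column else f"column{m.position}"
    return (obj, field)

def object_member(m: Match, convention: str = "Name") -> str:
    """Object member: 'Full' is schema.tablename, 'Name' is tablename."""
    if m.source_type == "database" and convention == "Full" and m.schema:
        return f"{m.schema}.{m.container}"
    return m.container

def apply_action(group: set, new_members: Sequence, replace: bool = False) -> set:
    """Box marked: membership becomes exactly the new members.
    Box unmarked (default): members are added and none are deleted."""
    return set(new_members) if replace else group | set(new_members)

# Constructed sample data: the group still holds a member from an earlier run.
existing = {("CUSTOMERS", "SSN"), ("CUSTOMERS", "OLD_CARD_NO")}
matches = [
    Match("database", "CUSTOMERS", "SSN", schema="SALES"),
    Match("unstructured", "export.csv", None, position=2),
]
members = [object_field_member(m) for m in matches]

appended = apply_action(existing, members)                # default behaviour
replaced = apply_action(existing, members, replace=True)  # box marked
stale = appended - replaced  # members kept only because nothing is deleted

if __name__ == "__main__":
    print("appended:", sorted(appended))
    print("replaced:", sorted(replaced))
    print("stale   :", sorted(stale))
```

With the default setting, the member from the earlier run stays in the group even though the current run no longer returns it, so a group that feeds policy rules can keep entries that are no longer classified as sensitive.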

Create Access Rule Action

About this task

Each time the classification rule is matched, an access rule will be inserted into an existing security policy definition. The updated security policy will not be installed (that task is performed separately, usually by a Guardium administrator).

Procedure

  1. Select an Access Policy from the list. You must be authorized to access that policy.
  2. Enter a rule name in the Rule Description box.
  3. Select an action from the Access Rule Action list.
  4. Optionally select a Commands Group, or click the Groups button, define a new Commands group using the Group Builder, and then select that Commands group from the list.
  5. To log field values separately, mark the Include Field checkbox. Otherwise, only the table will be recorded (the default).
  6. To include the server IP address, check the Include Server IP checkbox.
  7. If you have selected an alerting action, a Receiver row appears on the panel, and you must add at least one receiver for the alert. Click Modify Receivers to add one or more receivers.
  8. Click Accept to add the action to the rule definition, close the Action panel, and return to the rule definition panel.

Create Privacy Set Action

About this task

Each time the classification rule is matched, the selected privacy set's object-field list will be replaced.

For a database file, the object component of the privacy set will be the database table name, and the field component will be the column name.

For an unstructured data file, the object component of the privacy set will be the file name (in quotes), and the field component will be the column name, but if column names cannot be determined, the columns will be named column1, column2, etc.

Procedure

  1. Select the previously defined Privacy Set whose contents you want to replace.
  2. Click the Accept button to add the action to the rule definition, close the Action panel, and return to the rule definition panel.

Log Policy Violation Action

About this task

Each time the classification rule is matched, a policy violation will be logged. This means that classification policy violations will be logged (and can be reported) together with access policy violations (and optionally correlation alerts) that may have been produced.

Procedure

  1. Select a Severity code from the list.
  2. Click the Accept button to add the action to the rule definition, close the Action panel, and return to the rule definition panel.

Send Alert Action

About this task

Click the Accept button to add the action to the rule definition, close the Action panel, and return to the rule definition panel.

Procedure

  1. Select a Notification Type code from the list.
  2. Click the Modify Receivers button to add one or more receivers. The specified receiver will get one mail per datasource per rule per action. So, if a datasource has three rules and each rule has two actions (that have at least one match), then the user will get 2 * 3 = 6 mails.
  3. Click the Accept button to add the action to the rule definition, close the Action panel, and return to the rule definition panel.