Policy Browser
The Policy Browser enables you to manage policies. A policy is the general framework that enables you to define a threshold for a device group. A threshold is the value that triggers an alert or a trap. The Threshold Browser enables you to define standalone thresholds that apply to a single device.
To access the Policy Browser from the navigation bar, click the Events menu, select Configuration, and then select Policy Browser.
The Welcome Dashboard provides a Policies link to access the Policy Browser.
Filter
Filters enable you to limit the policies that appear in the list. Filters are optional and cumulative.
Options
The Options section provides the following filters.
- Select the Severity check box, then click the drop-down and select a comparison operator. Click the second drop-down and select a severity.
- Click the Enabled drop-down.
- Select Any to display both enabled and disabled policies.
- Select Enabled to display only policies that are enabled.
- Select Disabled to display only policies that are disabled.
- Click the Technology Type drop-down.
- Select All to display all policies.
- Select Flow to display policies that trigger based on flow data.
- Select Metric to display policies that trigger based on non-flow data.
- Select the Webhook check box to allow you to filter policies that have Webhook configured on trigger (Trigger Conditions), clear (Clear Conditions), or both. The default is both (Trigger and Clear Conditions).
Search
The Search section allows the search capability based on the following.
- In the Search Text field, enter text that appears in the policy name and/or the policy description and/or the policy folder name and select the corresponding Policy Name and/or Description and/or Policy Folder Name check box.
- In the Search ID field, enter a policy identifier and select the Policy ID option or enter a threshold identifier and select the Threshold ID option.
Specify
The Specify section provides the following filters. Most selections are dependent on the preceding selection.
- Select All to display all policies.
- Select Flow to display policies that trigger based on flow data.
- Select Metric to display policies that trigger based on non-flow data.
- Click Please select a grouping drop-down to select one of the following options.
- Select Device Groups then click the corresponding drop-down and select a device group/device type.
- Select Object Groups then click the corresponding drop-down and select an object group.
- Click Please select a grouping drop-down to select one of the following options.
- Select Device Groups then click the corresponding drop-down and select a device group/device type.
- Select Object Groups then click the corresponding drop-down and select an object group.
- Click the Direction drop-down to choose one of the following options - Any, Ingress, or Egress.
- Click the Aggregated View drop-down and choose an option from the list provided.
- Click Please select a grouping drop-down to select one of the following options.
- Select Device Groups then click the corresponding drop-down and select a device group/device type.
- Select Object Groups then click the corresponding drop-down and select an object group.
- Click the Plugin drop-down and select the plugin that polls the indicator for the policy you seek.
- Click the Object Type drop-down to choose an object type based on the plugin selected.
- Click the Subtypes drop-down and choose a subtype from the list provided.
- Click the Indicators drop-down and choose an indicator from the list provided.
Buttons
- Click Apply Filter button to apply the filter settings.
- Click Clear Filter button to remove all filters and to display all policies in the list.
- Click on to collapse or to uncollapse the Filter section.
Policy Folder
By default, all policies created are placed in the All Policies > Default folder. When you have a setup with a fresh install or an upgrade to a future release, in addition to the Default folder, you also have the Selfmon Alerts folder containing Selfmon policies.
Default folder has read-write capabilities.
Selfmon Alerts folder is read-only. Policies in this folder cannot be deleted or moved from this folder to another. However, you can disable a policy if you want to prevent it from generating alerts for it.
All Policies, Default, and Selfmon Alerts folders cannot be renamed or deleted.
Click on to create a new folder.
A folder/sub-folder cannot be deleted if it contains policies. You must delete the policies in the folder/sub-folder before it can be deleted.
New folders added have read-write capabilities and policies can be added or moved into it. To rename the folder name, place the cursor on the folder name and click on . You will be prompted to edit the folder name. To delete the folder, place the cursor on the folder name and click on . You will be prompted to confirm the deletion of the folder.
Policies
This section provides a list of existing policies. It allows you to create new policies, modify existing ones, and provides the capability to create webhook definitions and assign them to the policies.
Create Policy
Click to create a new policy. Please refer to Policy Editor for details.
Delete Selected
Select one or more policy IDs in the list and click to delete the policies selected.
Webhook Definitions
Click to create / configure, modify, or delete webhook definitions. For details, please refer to Webhook Definition Manager.
Assign Webhooks
To understand Assign Webhooks feature, let's assume you have 7 webhook definition ids (1, 2, 3, 4, 5, 6, and 7) created. Of these 7 webhook definition ids, only 4 webhook definition ids, 1, 2, 3, and 6 are for Type = Policy.
In Used In column, you will see no policies for all 4 webhook definitions where Type = Policy. This means that these webhook definitions have not been assigned to any policy yet.
Click to assign webhook definitions to the policies selected. Below you will find a few scenarios.
Scenario# 1
- Select policy ID 5 and click to assign webhook definition ids 1, 2, and 3 to it. Webhook Definition ID 6 is not assigned
to policy ID 5.
- You will get the following pop-up with a list of 4 webhook definitions available.
- The Search field allows you to search from the list of webhook definitions available in the table below.
- Field Apply To - select Trigger or Clear check box to apply the webhook definition to Trigger or Clear conditions respectively.
- Select Override Cluster Setting check box to override the setting in
Administration > Cluster Manager > tab Cluster Settings >
Alerts subtab > field One Webhook per Alert.
- Only send on first trigger check box is available only when Override Cluster Setting check box is selected. This allows you to override the setting configured cluster-wide. New setting is applied to the selected policies only. When this check box is selected, it will send webhook only on the first trigger of an alert. However, when unchecked, it will send a webhook for every occurrence of an alert even if an alert already exists for that triggered threshold.
- Select webhook definition ids 1, 2, and 3 to assign to policy id 5.
- Click Save and you will get a pop-up.
- Click Ok to overwrite the webhook definitions currently assigned to policy id 5 with webhook definition ids 1, 2, and 3.
- Click Review Changes to review the policy webhooks association before overwriting policy
id 5. A pop-up appears.Note: Since this is the first time webhook definition(s) are being assigned to policy id 5, there are no Existing Definitions for it.
Click Done after reviewing the details. If you want to continue with the assignment of the webhook definitions to the policies selected, click Ok to save or Cancel to exit.
If you clicked the Ok button, you will see that policy id 5 has icon in Flags column for policy id 5. This indicates that policy id 5 now has webhook definition ids 1, 2, and 3 assigned to it.
To confirm this, click row with policy id 5 > in Actions column click . Choose tab Trigger Conditions.
Important: You will see that Policy ID 5 has Webhook Definition IDs 1, 2, and 3 assigned to it.
Webhook Definition ID 6 is available but not used.
Scenario# 2
- Assume you have assigned webhook definition ids 1 and 3 to policy id 40. Please see Scenario# 1 for details on how to assign webhooks. To confirm this,
click row with policy id 40 > in Actions column click . Choose tab Trigger Conditions.Important: You will see that Policy ID 40 has Webhook Definition IDs 1 and 3 assigned to it.
Webhook Definition IDs 2 and 6 are available but not used.
Post following steps in Scenario# 1 and Scenario# 2, from Events drop-down > select Configuration and then, select Webhook Definition Manager to confirm that webhook definition ids have been assigned to the policies.
- Webhook Definition ID 1 has 2 Policies in column Used In. This is because 2 policies, 5 and 40, have been assigned to this ID.
- Webhook Definition ID 2 has 1 Policies in column Used In. This is because only one policy, 5, has been assigned to this ID.
- Webhook Definition ID 3 has 2 Policies in column Used In. This is because 2 policies, 5 and 40, have been assigned to this ID.
- Webhook Definition ID 6 has no policies assigned to it.
Scenario# 3
In Scenario# 1, policy id 5 has been assigned webhook definition ids 1, 2, and 3. Let's say you want to remove webhook definition id 3 from policy id 5.
- Select policy ID 5 and click .
- You will get the following pop-up with a list of 4 webhook definitions available.
- Select webhook definition ids 1 and 2 to assign to policy id 5.
- Click Save and you will get a pop-up.
- Click Ok to overwrite the webhook definitions currently assigned to policy id 5 with webhook definition ids 1 and 2.
- Click Review Changes to review the policy webhooks association before overwriting policy
id 5. A pop-up appears.Note: In column Existing Definitions, you will see that webhook definition ids 1, 2, and 3 are currently assigned to policy id 5 and in column New Definitions, you are now assigning only webhook definition ids 1 and 2 to policy id 5.
Click Done after reviewing the details. If you want to continue with the assignment of the webhook definitions to the policies selected, click Ok to save or Cancel to exit.
Let's assume you have clicked the Ok button to overwrite policy id 5 with webhook definition ids 1 and 2. To confirm this, click row with policy id 5 > in Actions column click . Choose tab Trigger Conditions.
Important: You will see that Policy ID 5 has Webhook Definition IDs 1 and 2 assigned to it.
Webhook Definition IDs 3 and 6 are available but not used.
Search
The search capability allows user to search the table for the word enter in the field.
List of Policies
The table provides a list of policies created with the following columns.
- ID - Displays the internal identifier for the policy.
- Policy Name - Displays the policy name.
- Description - Displays the policy description.
- Technology Type - Displays Flow for policies triggered by flow data or displays Metric for policies triggered by all other non-flow data.
- Severity - Displays the severity level for alerts the policy triggers.
- Flags - Displays flags when you define the policy to be emailed or to be scheduled or if
the webhook exists.
- - Schedule
- - Webhook
- In addition to the data columns, the following controls appear in the Actions column.
- or click a policy name - Click to access the Policy Editor page.
- - Click to delete the selected policy.
Other
Click . If no policy ID is selected, you will only be able to choose Create Policy to create a new policy. All other options from the drop-down will be unavailable.
If you select an existing policy and click , you will be able to manage the selected policy and other options such as, Edit, Enable/Disable, Delete, Assign Webhooks, and Clear Webhooks, from the drop-down will be available.
- Select Create Policy to create a new policy on the Policy Editor.Note: Create Policy is only available when a folder under Policy Folder > All Policies is selected.
- Select Edit to edit an existing policy on the Policy Editor.
- Select Enable to enable the policies you select.
- Select Disable to disable the policies you select. Disabled policies display in light text and do not trigger alerts or traps.
- Select Delete to delete the policies you select.
- Select Assign Webhooks to assign webhook(s) to the policies selected. A pop-up appears; you can apply one or more webhooks to the selected policies. Webhook definitions must be created before they can be applied. To configure webhook definitions, please refer to Webhook Definition Manager for details. For details on Assign Webhooks, please refer to section Assign Webhooks above.
- Select Clear Webhooks to clear webhook(s) assigned to the policies selected. A pop-up
appears to confirm the deletion of the webhook(s) assigned to the policies selected. Click
Yes to confirm the deletion and No to cancel the deletion.