Policy Browser

The Policy Browser enables you to manage policies. A policy is the general framework that enables you to define a threshold for a device group. A threshold is the value that triggers an alert or a trap. The Threshold Browser enables you to define standalone thresholds that apply to a single device.

To access the Policy Browser from the navigation bar, click the Events menu, select Configuration, and then select Policy Browser.

The Welcome Dashboard provides a Policies link to access the Policy Browser.

policybrowser

Filter

Filters enable you to limit the policies that appear in the list. Filters are optional and cumulative.

Options

The Options section provides the following filters.

  • Select the Severity check box, then click the drop-down and select a comparison operator. Click the second drop-down and select a severity.
  • Click the Enabled drop-down.
    • Select Any to display both enabled and disabled policies.
    • Select Enabled to display only policies that are enabled.
    • Select Disabled to display only policies that are disabled.
  • Click the Technology Type drop-down.
    • Select All to display all policies.
    • Select Flow to display policies that trigger based on flow data.
    • Select Metric to display policies that trigger based on non-flow data.
  • Select the Webhook check box to allow you to filter policies that have Webhook configured on trigger (Trigger Conditions), clear (Clear Conditions), or both. The default is both (Trigger and Clear Conditions).

Specify

The Specify section provides the following filters. Most selections are dependent on the preceding selection.

Click the Technology Type drop-down.
  • Select All to display all policies.
  • Select Flow to display policies that trigger based on flow data.
  • Select Metric to display policies that trigger based on non-flow data.
For Technology Type, select option All from the drop-down.
  • Click Please select a grouping drop-down to select one of the following options.
    • Select Device Groups then click the corresponding drop-down and select a device group/device type.
    • Select Object Groups then click the corresponding drop-down and select an object group.

For Technology Type, select option Flow from the drop-down.
  • Click Please select a grouping drop-down to select one of the following options.
    • Select Device Groups then click the corresponding drop-down and select a device group/device type.
    • Select Object Groups then click the corresponding drop-down and select an object group.
  • Click the Direction drop-down to choose one of the following options - Any, Ingress, or Egress.
  • Click the Aggregated View drop-down and choose an option from the list provided.

For Technology Type, select option Metric from the drop-down.
  • Click Please select a grouping drop-down to select one of the following options.
    • Select Device Groups then click the corresponding drop-down and select a device group/device type.
    • Select Object Groups then click the corresponding drop-down and select an object group.
  • Click the Plugin drop-down and select the plugin that polls the indicator for the policy you seek.
  • Click the Object Type drop-down to choose an object type based on the plugin selected.
  • Click the Subtypes drop-down and choose a subtype from the list provided.
  • Click the Indicators drop-down and choose an indicator from the list provided.

Buttons

  • Click Apply Filter button to apply the filter settings.
  • Click Clear Filter button to remove all filters and to display all policies in the list.
  • Click on collapse to collapse or uncollapse to uncollapse the Filter section.

Policy Folder

By default, all policies created are placed in the All Policies > Default folder. When you have a setup with a fresh install or an upgrade to a future release, in addition to the Default folder, you also have the Selfmon Alerts folder containing Selfmon policies.

Note: All Policies folder contains all the policies.

Default folder has read-write capabilities.

Selfmon Alerts folder is read-only. Policies in this folder cannot be deleted or moved from this folder to another. However, you can disable a policy if you want to prevent it from generating alerts for it.

All Policies, Default, and Selfmon Alerts folders cannot be renamed or deleted.

Click on addPolicyFolder to create a new folder.

Note: Any folder/sub-folder created under All Policies or Default folders can be renamed.

A folder/sub-folder cannot be deleted if it contains policies. You must delete the policies in the folder/sub-folder before it can be deleted.

New folders added have read-write capabilities and policies can be added or moved into it. To rename the folder name, place the cursor on the folder name and click on wrenchIcon . You will be prompted to edit the folder name. To delete the folder, place the cursor on the folder name and click on trashCanIcon . You will be prompted to confirm the deletion of the folder.

Note: The folder to be deleted must contain no policies. You must delete the policies in the folder before a folder can be deleted.

Policies

This section provides a list of existing policies. It allows you to create new policies, modify existing ones, and provides the capability to create webhook definitions and assign them to the policies.

Create Policy

Click createPolicyIcon to create a new policy. Please refer to Policy Editor for details.

Note: Create Policy is only available when a folder under Policy Folder > All Policies is selected.

Delete Selected

Select one or more policy IDs in the list and click deleteSelectedPolicyIcon to delete the policies selected.

Assign Webhooks

Important: Before assigning webhook definitions to the policies, you must first have webhook definitions configured. Please refer to section Webhook Definitions.

To understand Assign Webhooks feature, let's assume you have 7 webhook definition ids (1, 2, 3, 4, 5, 6, and 7) created. Of these 7 webhook definition ids, only 4 webhook definition ids, 1, 2, 3, and 6 are for Type = Policy.

webhookDefinitionManager

In Used In column, you will see no policies for all 4 webhook definitions where Type = Policy. This means that these webhook definitions have not been assigned to any policy yet.

Click assignWebhooksIcon to assign webhook definitions to the policies selected. Below you will find a few scenarios.

Scenario# 1

  • Select policy ID 5 and click assignWebhooksIcon to assign webhook definition ids 1, 2, and 3 to it. Webhook Definition ID 6 is not assigned to policy ID 5.
    policyList

  • You will get the following pop-up with a list of 4 webhook definitions available.
    assignWebhooks

    • The Search field allows you to search from the list of webhook definitions available in the table below.
    • Field Apply To - select Trigger or Clear check box to apply the webhook definition to Trigger or Clear conditions respectively.
    • Select Override Cluster Setting check box to override the setting in Administration > Cluster Manager > tab Cluster Settings > Alerts subtab > field One Webhook per Alert.
      • Only send on first trigger check box is available only when Override Cluster Setting check box is selected. This allows you to override the setting configured cluster-wide. New setting is applied to the selected policies only. When this check box is selected, it will send webhook only on the first trigger of an alert. However, when unchecked, it will send a webhook for every occurrence of an alert even if an alert already exists for that triggered threshold.
  • Select webhook definition ids 1, 2, and 3 to assign to policy id 5.
    policyBrowserAssignWebhooks

  • Click Save and you will get a pop-up.
    assignWebhookPopup

    • Click Ok to overwrite the webhook definitions currently assigned to policy id 5 with webhook definition ids 1, 2, and 3.
    • Click Review Changes to review the policy webhooks association before overwriting policy id 5. A pop-up appears.
      assignWebhooksReviewChanges

      Note: Since this is the first time webhook definition(s) are being assigned to policy id 5, there are no Existing Definitions for it.

      Click Done after reviewing the details. If you want to continue with the assignment of the webhook definitions to the policies selected, click Ok to save or Cancel to exit.

      If you clicked the Ok button, you will see that policy id 5 has webhookIcon icon in Flags column for policy id 5. This indicates that policy id 5 now has webhook definition ids 1, 2, and 3 assigned to it.

      policyList

      To confirm this, click row with policy id 5 > in Actions column click wrenchIcon . Choose tab Trigger Conditions.

      policyEditorWebhooksAssigned

      Important: You will see that Policy ID 5 has Webhook Definition IDs 1, 2, and 3 assigned to it.
      Webhook Definition ID 6 is available but not used.

Scenario# 2

  • Assume you have assigned webhook definition ids 1 and 3 to policy id 40. Please see Scenario# 1 for details on how to assign webhooks. To confirm this, click row with policy id 40 > in Actions column click wrenchIcon . Choose tab Trigger Conditions.
    policyEditorWebhooksAssigned

    Important: You will see that Policy ID 40 has Webhook Definition IDs 1 and 3 assigned to it.
    Webhook Definition IDs 2 and 6 are available but not used.

Post following steps in Scenario# 1 and Scenario# 2, from Events drop-down > select Configuration and then, select Webhook Definition Manager to confirm that webhook definition ids have been assigned to the policies.

webhookDefinitionManagerAssignedToPolicies

  • Webhook Definition ID 1 has 2 Policies in column Used In. This is because 2 policies, 5 and 40, have been assigned to this ID.
  • Webhook Definition ID 2 has 1 Policies in column Used In. This is because only one policy, 5, has been assigned to this ID.
  • Webhook Definition ID 3 has 2 Policies in column Used In. This is because 2 policies, 5 and 40, have been assigned to this ID.
  • Webhook Definition ID 6 has no policies assigned to it.

Scenario# 3

In Scenario# 1, policy id 5 has been assigned webhook definition ids 1, 2, and 3. Let's say you want to remove webhook definition id 3 from policy id 5.

  • Select policy ID 5 and click assignWebhooksIcon .
  • You will get the following pop-up with a list of 4 webhook definitions available.
    assignWebhooks

  • Select webhook definition ids 1 and 2 to assign to policy id 5.
    policyBrowserAssignWebhooks

  • Click Save and you will get a pop-up.
    assignWebhookPopup

  • Click Ok to overwrite the webhook definitions currently assigned to policy id 5 with webhook definition ids 1 and 2.
  • Click Review Changes to review the policy webhooks association before overwriting policy id 5. A pop-up appears.
    assignWebhooksReviewChanges

    Note: In column Existing Definitions, you will see that webhook definition ids 1, 2, and 3 are currently assigned to policy id 5 and in column New Definitions, you are now assigning only webhook definition ids 1 and 2 to policy id 5.

    Click Done after reviewing the details. If you want to continue with the assignment of the webhook definitions to the policies selected, click Ok to save or Cancel to exit.

    Let's assume you have clicked the Ok button to overwrite policy id 5 with webhook definition ids 1 and 2. To confirm this, click row with policy id 5 > in Actions column click wrenchIcon . Choose tab Trigger Conditions.

    policyEditorWebhooksAssigned

    Important: You will see that Policy ID 5 has Webhook Definition IDs 1 and 2 assigned to it.
    Webhook Definition IDs 3 and 6 are available but not used.

Search

The search capability allows user to search the table for the word enter in the field.

List of Policies

The table provides a list of policies created with the following columns.

  • ID - Displays the internal identifier for the policy.
  • Policy Name - Displays the policy name.
  • Description - Displays the policy description.
  • Technology Type - Displays Flow for policies triggered by flow data or displays Metric for policies triggered by all other non-flow data.
  • Severity - Displays the severity level for alerts the policy triggers.
  • Flags - Displays flags when you define the policy to be emailed or to be scheduled or if the webhook exists.
    • envelopeIcon - Email
    • alarmclock - Schedule
    • webhookIcon - Webhook
  • In addition to the data columns, the following controls appear in the Actions column.
    • wrenchIcon or click a policy name - Click to access the Policy Editor page.
    • trashCanIcon - Click to delete the selected policy.

Other

Click gearIcon . If no policy ID is selected, you will only be able to choose Create Policy to create a new policy. All other options from the drop-down will be unavailable.

If you select an existing policy and click gearIcon , you will be able to manage the selected policy and other options such as, Edit, Enable/Disable, Delete, Assign Webhooks, and Clear Webhooks, from the drop-down will be available.

  • Select Create Policy to create a new policy on the Policy Editor.
    Note: Create Policy is only available when a folder under Policy Folder > All Policies is selected.
  • Select Edit to edit an existing policy on the Policy Editor.
  • Select Enable to enable the policies you select.
  • Select Disable to disable the policies you select. Disabled policies display in light text and do not trigger alerts or traps.
  • Select Delete to delete the policies you select.
  • Select Assign Webhooks to assign webhook(s) to the policies selected. A pop-up appears; you can apply one or more webhooks to the selected policies. Webhook definitions must be created before they can be applied. To configure webhook definitions, please refer to Webhook Definition Manager for details. For details on Assign Webhooks, please refer to section Assign Webhooks above.
  • Select Clear Webhooks to clear webhook(s) assigned to the policies selected. A pop-up appears to confirm the deletion of the webhook(s) assigned to the policies selected. Click Yes to confirm the deletion and No to cancel the deletion.
    confirmClearWebhooks