Create and Execute an Enforcement Set

You can take action on the identified security gaps by defining enforcement sets in the Axonius Security Policy Enforcement Center.

The Enforcement Center lets you actively and automatically enforce your security policies by creating configurable enforcement sets. Enforcement sets execute a saved query and then automatically takes action based on the query results to bridge, mitigate, notify, or create incidents on the identified gaps.

For more details, see Enforcement Center Overview.

Creating a New Enforcement Set

The Enforcement Set Configuration page lets you configure new enforcement sets, and view and edit existing enforcement sets.

An Enforcement Set executes a saved query (which can represent a security policy) and then automatically takes action on the query results (potential policy gaps) to bridge, mitigate, notify or create incidents on the identified gaps.

To create a new enforcement set:

1. Click icon on the left navigation panel. The Enforcement Center page opens.

2. Click Create Enforcement Set. The Create Enforcement Set drawer opens.

4. Axonius offers a vast list of actions categorized under several categories. Select a Main Enforcement Action, give it a name and select the query that will define which assets the Enforcement Action will run on. Configure the other required fields and any optional additional fields.

   For more details, see Creating Enforcement Sets. For a list of all available Enforcement Actions, see the Action Library.

5. Click Advanced options at the botton of the drawer to add additional Enforcement Actions to the Enforcement Set.
   

   For more details, see For more details, see Configuring Success, Failure and Post Enforcement Actions.

6. When configuration is complete, do one of the following:

   • Click Save to save the Enforcement Set under the My Enforcements folder. If you configured scheduling, the Enforcement Set will run according to the schedule.
   • Click Test Run to test the Enforcement Set on one asset. See Testing an Enforcement Set.
   • Click Save and Run to save the Enforcement Set and run it immediately.

   For more information about working with Enforcement Sets see the following:
   Enforcement Center Overview
   Using the Enforcement Center Page
   Managing Enforcement Sets
   Creating Enforcement Sets
   Testing an Enforcement Set
   Creating Enforcement Action Dynamic Value Statements
   Scheduling Enforcement Set Runs
   Running Enforcement Sets
   Viewing Enforcement Set Run History
   Terminating an Enforcement Set Run
   Duplicating Enforcement Sets
   Editing and Deleting Enforcement Sets

Configuring an Email Server

For some of the Enforcement Actions, you must configure an email server. For example, the Send Email action, sends an email with the query results to a predefined list of recipients.

To configure an email server, open the System Settings, enable Send Email under Managing External Integrations and configure the email host and port. For more details, see Configuring - Email Settings.

Viewing Enforcement Run History

The Enforcement Run History page displays the results of each Enforcement Set run.
To view an Enforcement Run History:

1. Click icon on the left navigation panel. The Enforcement Center page opens.
2. Click Run History. The Run History page opens.

3. Click a specific Enforcement Set run.
   The page displays the enforcement run information summary and the list of actions performed.

4. Click the Affected Assets to see the results of each action. They open in the relevant Assets page.
   For details, see Viewing and Analyzing Enforcement Task Action Results.