Creating Enforcement Sets

The Enforcement Center allows you to actively control your asset environment. Use it to build and apply policies and create triage and remediation actions. Enforcements may be automated or run manually. The following procedure describes how to create a new Enforcement Set.

To create an Enforcement Set

1. Click icon on the left navigation panel. The Enforcement Center page opens.

2. Click Create Enforcement Set. The Create Enforcement Set drawer opens.

   The Enforcement Set drawer displays all available Enforcement Actions according to their category. The most recently used Actions are in the Recently Used category. Click the arrows on the right of a category to expand or collapse the category.

   You can display Enforcement Actions in two views:

   • Click to display the Enforcement Actions in a list view.

     

   • Click to display the Enforcement Actions in a tile view.

     

3. In the Enforcement Set drawer, select an Enforcement Action in one of the following ways:

   • Recently used Actions appear at the top.
   • Scroll the list of Actions and click the Action you want.
   • In the Search action field, begin typing the name of the Action you want. The list is automatically filtered as you type.
   • From the Category list, select one or more categories and then an Action.

   The selected Action is added to the Enforcement Set as the Main Action.

   

4. To add a description of the Enforcement Set, click Add description and type a description in the Description text box.

5. In the Enforcement Set name field, use the default name provided or enter a different name for the Enforcement Set.

   Note:

   Axonius autofills fields with default values where possible. Required fields are marked with a * next to the field name.

6. In the Run action on assets matching the following query field, from the Module list, select the module/asset type you want to query. Then, from the Select Query list, do one of the following:

   • Select a saved query from the list.

   

   • Click Add Query to create a new query using the query wizard. To learn more about creating a new query, see Adding a New Query.

7. In the Main Action section, use the default name provided in Action name or enter a new name.

8. If you want to define conditions and dynamic values, toggle on Configure Action Conditions and provide the condition definition. Click Validate to make sure the conditions are valid. To learn more about condition syntax, see Configuring Enforcement Action Conditions.

   

9. Fill in the remaining required fields for the Main Action. To learn more about each Enforcement Action and its fields, see the Enforcement Action Index.

10. Once all required fields are filled in, you can test the connection to the Adapter by clicking Test Connection. This functionality is not available for all Enforcement Actions.

11. Do one of the following:

• To configure scheduling and run the Enforcement Set automatically at specified times, toggle on Set scheduling and set the schedule parameters. See Scheduling Enforcement Set Runs.

• To configure optional fields, click Additional Fields and provide values for the fields you want to use. See the Enforcement Action Index for details on each field of each Enforcement Action.

• To configure Success Actions, Failure Actions, or Post Actions, click Advanced options. See Configuring Success, Failure and Post Enforcment Actions below.

• To save the Enforcement Set at any time, even if not all required fields are filled in, click Save. The Drafts folder on the Enforcement Set page is displayed.

• To use Test Run to test the outcome of the Actions, click Test Run. See Testing an Enforcement Set for more information on using Test Run.

• To save the Enforcement Set and run it, click Save and Run. You can view the results of all Enforcement Set runs on the Run History page. See Viewing Run History.

Configuring Success, Failure, and Post Enforcement Actions

An Enforcement Set can inlude one or more Success, Failure, and/or Post Actions.

• Success Actions are run on each asset for which the Main Action completes successfully.
• Failure Actions are run on each asset for which the Main Action does not complete successfully.
• Post Actions are run on ALL assets matching the query after the Main action has completed.

As actions are added, they are organized under the Main Action as shown below:

To configure Success, Failure, and Post Enforcement Actions

1. At the bottom of the Create Enforcement Set drawer, click Advanced options. A two-pane Enforcement Set drawer opens with Overview in the left pane and a description of the selected item in the right pane.

2. To add an Action, hover the mouse pointer over button under Main Action. The types of conditional actions you can add are displayed.

3. Click one of the Actions and select the Action you want from the drawer. A tile for the Action is added under the Main Action and is automatically selected. Action details are displayed in the right pane. Configure all required fields and whatever optional fields you want.

   

4. To add more Actions:

   

5. By default, the Main Action is run first, then all other Actions are run concurrently. To require all actions in the Enforcement Set to run serially in the order they are configured, at the top of the Overview pane, click the gear icon and toggle on Apply action execution order.

   

   When this option is enabled, all Success Actions are run according to their configured order. Then, all Failure Actions are run according to their configured order. Lastly, all Post Actions are run according to their configured order.

   Note:

   Enabling this option affects the time it takes the Enforcement Set to run. Running Actions concurrently generally takes less time than running them in order.

6. When you have added and configured all the Actions you want, do one of the following:

   • To save the Enforcement Set and continue editing, click Save. The Enforcement Set is saved.
   • To use Test Run to test the outcome of the Actions, click Test Run. See Testing an Enforcement Set for more information on using Test Run.
   • To save the Enforcement Set and run it, click Save and Run. The Enforcement Center page is displayed with the My Enforcements folder selected. You can view the results of all Enforcement Set runs on the Run History page. See Viewing Run History.

Creating a New Query