Creating New Enforcement Sets
The Enforcement Set Configuration page lets customers configure new enforcement sets and view and edit existing enforcement sets.
Enforcement Sets execute a saved query (which can represent a security policy) and then automatically take an action on the query results (policy gaps) to bridge, mitigate, notify or create incidents on the identified gaps.
To create a new enforcement set:
- Click the Enforcement Center icon on the left navigation panel. The Enforcement Center page opens.
- Click Add Enforcement. The Enforcement Set page opens.
An enforcement set consists of the following configuration aspects:
Main Action (required)
Click the Main Action button to select and configure the mandatory main action from the Action Library, to be performed when the enforcement set is executed.
In the Enforcement Set Name field, specify a unique name.
Success / Failure / Post Actions (optional)
- Success Actions – select and configure one or more (optional) actions from the Action Library, to be performed on the entities for which the enforcement Main Action has been completed successfully.
- Failure Actions – select and configure one or more (optional) actions from the Action Library, to be performed on the entities for which the enforcement Main Action has been completed unsuccessfully.
- Post Actions – select and configure one or more (optional) actions from the Action Library, to be performed on ALL the entities, after the Main Action execution has been completed.
For example, if a Main Action is performed successfully on 8 out of 10 entities:
- Any configured Success Action is performed on the 8 entities on which the Main Action was performed successfully.
- Any configured Failure Action is performed on the 2 entities for which the Main Action failed.
- Any configured Post Action is performed on all 10 entities, the same entities on which the Main Action was performed.
Trigger (optional)
You can also execute enforcement sets on a saved query or on specific devices or users. Trigger configuration is required if you want to use a saved query and to configure custom scheduling. Otherwise, if you want to execute the enforcement set on specific devices or users, Trigger is optional.
For details, see Configuring Triggers.
Once you have saved the main action, trigger or any additional action, the following buttons are displayed in the top right corner of the dialog:
- Edit button - This button lets you edit a configured action or the Trigger.
- Delete button - This button lets you delete a configured action or remove the configured Trigger.
To manually execute the enforcement set, click Run. The Run button is enabled only when the following conditions are met:
- The Main Action and the Trigger are configured.
- The Main Action is not being edited.
- The Trigger is not being edited.
- Success / Failure / Post Actions are not being edited or created.
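The routing of Success, Failure and Post Actions and the Run button conditions described above can be modeled in a short Python sketch. This is an added example, not the product's code or API; the class, field and host names are assumptions and the entity list is constructed.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Action = Callable[[str], bool]  # hypothetical: entity id -> True on success

@dataclass
class EnforcementSetModel:
    """Toy model of an enforcement set (all names here are assumptions)."""
    main_action: Optional[Action] = None
    trigger: Optional[Callable[[], List[str]]] = None  # stands in for a saved query
    success_actions: List[Action] = field(default_factory=list)
    failure_actions: List[Action] = field(default_factory=list)
    post_actions: List[Action] = field(default_factory=list)
    editing: bool = False  # True while any action or the Trigger is being edited

    def can_run(self) -> bool:
        # Run is enabled only with a Main Action and a Trigger, and nothing mid-edit.
        return (self.main_action is not None
                and self.trigger is not None
                and not self.editing)

    def run(self) -> Dict[str, List[str]]:
        if not self.can_run():
            raise RuntimeError("Run is disabled for this enforcement set")
        entities = self.trigger()
        results = {e: self.main_action(e) for e in entities}  # Main Action, once each
        ok = [e for e in entities if results[e]]
        failed = [e for e in entities if not results[e]]
        # Success Actions see only successes, Failure Actions only failures,
        # Post Actions see every entity the Main Action was attempted on.
        for actions, targets in ((self.success_actions, ok),
                                 (self.failure_actions, failed),
                                 (self.post_actions, entities)):
            for act in actions:
                for e in targets:
                    act(e)
        return {"success": ok, "failure": failed, "post": list(entities)}

def demo() -> Dict[str, List[str]]:
    """The page's 8-out-of-10 case, on constructed host names."""
    hosts = [f"host-{i:02d}" for i in range(1, 11)]
    unreachable = {"host-03", "host-07"}  # Main Action fails on these two
    touched: Dict[str, List[str]] = {"tag": [], "ticket": [], "notify": []}
    def record(key: str) -> Action:
        return lambda e: touched[key].append(e) is None
    EnforcementSetModel(main_action=lambda e: e not in unreachable,
                        trigger=lambda: hosts,
                        success_actions=[record("tag")],
                        failure_actions=[record("ticket")],
                        post_actions=[record("notify")]).run()
    return touched
```
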
To view all the running instances of the enforcement set, also known as enforcement tasks, click View Tasks. The Enforcement Tasks page opens, displaying the enforcement tasks filtered according to the enforcement set name.
For more details, see Enforcement Tasks page.
You can also view, edit, and delete enforcement sets. For details, see: