Creating New Enforcement Sets
  • 2 minutes to read
  • Print
  • Share
  • Dark
    Light

Creating New Enforcement Sets

  • Print
  • Share
  • Dark
    Light

The Enforcement Set Configuration page lets customers configure new enforcement sets and view and edit existing enforcement sets.

Enforcement Sets execute a saved query (which can represent a security policy) and then automatically take an action on the query results (policy gaps) to bridge, mitigate, notify or create incidents on the identified gaps.

To create a new Enforcement Set:

  1. Click image.png icon on the left navigation panel. The Enforcement Center page opens.
  2. Click Add Enforcement. The Enforcement Set page opens.
    image.png

An Enforcement Set consists of the following configuration aspects:

  1. Enforcement Set Name (mandatory)
  2. Main Action (mandatory)
  3. Success / Failure / Post Actions (optional)
  4. Trigger (optional)

1 - Enforcement Set Name (mandatory)
In the Enforcement Set Name field, specify a unique name.

2 - Main Action (mandatory)
Click the Main Action button to select and configure the mandatory main action from the Action Library, to be performed when the enforcement set is executed.

3 - Success / Failure / Post Actions (optional)

  • Success Actions – select and configure one or more (optional) actions from the Action Library, to be performed on the entities for which the enforcement Main Action has been completed successfully.
  • Failure Actions – select and configure one or more (optional) actions from the Action Library, to be performed on the entities for which the enforcement Main Action has been completed unsuccessfully.
  • Post Actions - select and configure one or more (optional) actions from the Action Library, to be performed on ALL the entities, after the Main Action execution has been completed.

For example, if a Main Action is performed successfully on 8 out of 10 entities:

  • Any configured Success Action is performed on all the 8 entities, where the Main Action has been performed successfully.
  • Any configured Failure Action is performed on the 2 entities, for which the Main Action has failed.
  • Any configured Post Action is performed on all 10 entities, the same entities were performed by the Main Action.
NOTE
To learn more about all supported actions, see Action Library.

4 – Trigger (Optional)
You can also execute Enforcement sets on a saved query or on specific devices or users. Trigger configuration is mandatory if you want to use a saved query. Otherwise, if you want to execute the enforcement set on specific devices or users, Trigger is optional.
For details, see Configuring Triggers.



Once you have completed the new enforcement set configuration:

  • The Save & Exit button is enabled. To save the enforcement set, click Save & Exit.
  • If you have configured the enforcement set trigger, the Save & Run button is enabled as well. To save and execute the enforcement set, click Save & Run. As a result, the Views Tasks button will be displayed.
  • Click View Tasks to view all the enforcement set running instances, also known as the Enforcement Tasks. The Enforcement Tasks page open, displaying the enforcement tasks filtered according to the enforcement set name.
    For more details, see Enforcement Tasks page.



You can also view, edit, and delete enforcement sets. For details, see:

Was this article helpful?