- 31 Jul 2022
- 2 Minutes to read
Creating New Enforcement Sets
- Updated on 31 Jul 2022
- 2 Minutes to read
Use the Enforcement Set Configuration page to configure new Enforcement Sets and view and edit existing Enforcement Sets.
Enforcement Sets execute a saved query (which can represent a security policy) and then automatically take an action on the query results (policy gaps) to bridge, mitigate, notify or create incidents on the identified gaps. You can also use enforcement sets to create notifications about events in the system for instance Activity Log events, or Fetch History events
To create a new Enforcement Set:
- Click icon on the left navigation panel. The Enforcement Center page opens.
- Click Create Enforcement Set. The Enforcement Set page opens.
An Enforcement Set consists of the following configuration aspects:
Main Action (required)
Click the Main Action button to select and configure the mandatory main action from the Action Library, to be performed when the enforcement set is executed.
In the Enforcement Set Name field, specify a unique name and enter the information in the appropriate fields.
Success / Failure / Post Actions (optional)
- Success Actions – select and configure one or more (optional) actions from the Action Library, to be performed on the entities for which the enforcement Main Action has been completed successfully.
- Failure Actions – select and configure one or more (optional) actions from the Action Library, to be performed on the entities for which the enforcement Main Action has been completed unsuccessfully.
- Post Actions - select and configure one or more (optional) actions from the Action Library, to be performed on ALL the entities, after the Main Action execution has been completed.
For example, if a Main Action is performed successfully on 8 out of 10 entities:
- Any configured Success Action is performed on all the 8 entities, where the Main Action has been performed successfully.
- Any configured Failure Action is performed on the 2 entities, for which the Main Action has failed.
- Any configured Post Action is performed on all 10 entities, the same entities were performed by the Main Action.
- Trigger (optional)
You can also execute enforcement sets on a saved query or on specific devices or users. Trigger configuration is required if you want to use a saved query and to configure custom scheduling. Otherwise, if you want to execute the enforcement set on specific devices or users, Trigger is optional.
For details, see Configuring Triggers.
Once the main action, trigger or any additional action are configured, the following buttons are displayed in the top-right corner of the dialog:
- Edit - Use Edit to edit a configured action or the Trigger.
- Delete - Use Delete to delete a configured action or remove the configured Trigger.
Click Run to manually execute the enforcement set. Run is enabled, only when the following conditions are met:
- The Main Action and the Trigger are configured.
- The Main Action is not being edited.
- The Trigger is not being edited.
- Success / Failure / Post Actions are not being edited or created.
To view all the enforcement set running instances, also known as enforcement tasks, click View Tasks. The Enforcement Tasks page opens, displaying the enforcement tasks filtered according to the enforcement set name.
For more details, see Enforcement Tasks page.
For more information about working with Enforcement Sets see:
- Viewing and Modifying Existing Enforcement Sets
- Duplicating Enforcement Sets
- Deleting Existing Enforcement Sets