The policy manager is used to execute predefined policies and requirements that trigger risk messages or format designated table reports, based on string matching logic. Default Policies and individual Requirements can be “Enabled or Disabled” by clicking the toggle button. Policies and Requirements are global in nature and changes made when in one workspace will apply to all workspaces. For example, if a Policy, Requirement, or Device is deactivated in one workspace, that update will apply to all workspaces. Risk Policies are run when new data is imported into NP-View. Table Highlight Policies are run when a modal report is opened.
Using the policy manager requires the understanding of a few concepts:
Requirement A requirement contains Regex logic to trigger a message or formatting action for one use case.
Policy A policy is a collection of related requirements and does not have any logic associated with it, it is a means for categorization. Policies can be enabled or disabled.
Risks and Warnings Requirements Trigger alert messages based on Regex logic. Individual policies can be enabled or disabled and assigned to one or more devices.
Table Highlighting Requirements Formats the color of cells and text based on Regex logic. Highlighting is report specific.
Risk and Warnings messages, which can be found in the Risks & Warnings and Access Rules table reports, are generated using Policies and Requirements located in the Policy Manager. Default Policies and Requirements are automatically assigned to all devices when they are first imported, and run when network device configuration changes are identified.
The following default Risk alert Policies policies are provided for all Compliance modules:
CiS Benchmarks are provided as part of the Best Practices Module. CiS Benchmarks provide a powerful set of secondary policies to help identify risks within your network. CiS Benchmarks are disabled by default and must manually be enabled and assigned to devices. As noted, changes to Risk related Policies, Requirements or Devices apply to all workspaces. CiS Benchmark Policies and Requirements can be deactivated but not edited or deleted.
To better understand how to use the policy manager, let’s walk through an example using Risks & Warnings Policies and Requirements.
In the above image we can see the policy manager window open. The Risks & Warnings Policies tab has been selected. Below there is a dropdown that contains all the default policies available. The Default Access Rule Risk Policy has been selected.
When a Policy is selected we see its details on the right side of the window. Risks & Warnings Policies are device-specific and it is on this page where we can change what devices the policy applies to. If we change whether or not the Policy is enabled, or the devices included, the Policy will run on next data import or by resetting and rerunning all risk policies. Resetting and rerunning will clear all existing risks and run all the enabled Requirements within that Policy.
On the left hand side, below our chosen Policy, we can see the Requirements that are included in this Policy and an icon indicating whether or not they are enabled.
In the above image we can see then information for a default Requirement, “Any Service Open”. looking at the details for this requirement we can see its name, its details, and the logic being used to trigger the Risk alert message. This requirement is an example of compound logic being used. This risk will only trigger if all three conditions are met. Conditions have four elements.
Apply To This is the Table_Column that the logic test will be applied
Apply When If the string is found or not found
String What information the requirement is looking for in the specified table_column
Operator Used to build compound logic using and/or
When a risk requirement is met, a risk alert will be generated and posted to the Risks & Warnings table as shown below:
The Access Rules table report will also display the highest criticality risk for each access rule as shown below:
Now that we know where the text comes from – let’s find out where the coloring comes from.
Table Highlighting Policies and Requirements work in almost the same way as Risks & Warnings, with a few key differences. The main being that it formats cells and texts instead of producing an alert message.
On the default Policy page for Table Highlighting we can see that these Policies do not require device selection.
Selecting a default Requirement for this Policy shows us the requirement details.
For a Table Highlight requirement there are a few more options that are used to target the logic for the action. First, we choose the target Table and Column that will receive the Highlighting Action. Then we choose the table and column where we want the logic to run.
Compliance Type Table Highlighting requirements can be set to run only on certain compliance frameworks
Table The target table that the highlighting will be applied to if the logic is found.
Column The target column within the previously chosen target table, that the highlighting will be applied to if the logic is found
When String The string the requirement is searching for
Is found or not found
In Column Table_Column where the requirement is searching for the designated string
Operator And/ or for building compound logic
Highlighting Action If the conditions for the logic are met this is how the cell will be colored and how the text will be colored.
When the modal report is opened that contains a highlight policy, the rules will be automatically applied and the table highlighted accordingly.
Sometimes there may be a reason to need to reset the risk alerts. For this, Administrator or Workspace Admins have access to a rest function on the Risks & Warnings Policies Overview page. This action will reset all Risks and Warnings information for this workspace. After, all enabled risk policies and requirements for this workspace will be rerun.
Because Policies will be rerun after reset, at least one policy must be enabled at time of reset. Only Risks and Warnings data will be affected.
