7.1 Understanding Policies

Policies allow you to define how Change Guardian monitors assets in your environment. A policy includes one or more constraints to define a specific change event you want to monitor in your enterprise.

Policies allow you to identify the monitoring target, and then add any combination of the following constraints:

  • Add filters to more precisely narrow the monitoring target and results

  • Define managed users for the activity

  • Define custom event severities

  • Assign event contexts to categorize policies

  • Specify event severity generated for events matching this policy

Each Change Guardian module includes several policy types for the respective platforms they support.

After you create a policy, Change Guardian saves the policy in the Policy Repository on the Change Guardian server computer. If you make changes to the policy later, Change Guardian creates a new revision of that policy. Policy revisions allow you to keep and share work that is in progress. Use the Policy Editor to view all policy revisions as well as the version number of the currently enabled policy. You can also load a previous revision of a policy to edit or enable.

7.1.1 Creating Policies

You can create a policy in the following ways:

  • Create a brand new policy with no pre-configured settings

  • Clone and customize an out-of-the-box template

  • Clone and customize an existing policy

Creating a Policy

To create a policy:

  1. In the left pane of Policy Editor, select one of the following:

    • Active Directory

    • Group Policy

    • UNIX

    • Windows

    • Azure Active Directory

    • NetApp Share

  2. Expand the list of policies and select the policy type you want to create, such as Active Directory Policies > AD Object.

  3. Click Create Policy.

  4. On the policy details window, make the appropriate changes.

  5. (Conditional) If you are creating a Windows policy to monitor Local Users and Groups, complete the following:

    1. To ensure the policy generates events, you must add at least one of the following:

      • Event List

      • LGU Privileges

    2. Select the events and/or privileges you want to monitor.

  6. Click Submit.

  7. (Conditional) If you want to enable the policy now, select the Enable this policy revision now check box.

    NOTE: For more information about enabling a policy, see Enabling a Policy Revision.

Cloning a Template

Out-of-the-box policy templates provide examples of policies and best practice content you can reuse. Applying a policy template from the platform template library will clone the policy into your active policy area. When a copy of the template appears in the list of policies for the module, you can edit the constraints to specify your monitored computers and files.

To clone an out-of-the-box template:

  1. In the left pane of Policy Editor, select one of the following:

    • Active Directory

    • Group Policy

    • UNIX

    • Windows

    • Azure Active Directory

    • NetApp Share

  2. Expand the list of templates and select the template you want to clone. For example, Active Directory Templates > AD Object > Site Link Cost Modified.

  3. Click Apply.

  4. On the policy details window, make the appropriate changes, and then click Submit.

  5. (Conditional) If you want to enable the policy now, select the Enable this policy revision now check box.

    NOTE: For more information about enabling a policy, see Enabling a Policy Revision.

Cloning a Policy

Cloning an existing policy allows you to quickly create a new policy based on a selected existing policy, and then make changes as needed. By default, Change Guardian uses the loaded revision of the selected policy when creating a clone, but you can select a specific policy revision instead.

7.1.2 Understanding Event Severity

When you create or edit a policy, you can specify a constant event severity level or allow Change Guardian to calculate the severity automatically. If you set Severity to Automatic, Change Guardian calculates the severity based on whether the user is authorized and if the action was successful. For example:

  • Sev 5. Unauthorized user, successful action

  • Sev 4. Unauthorized user, failed action

  • Sev 3. Authorized user, failed action

  • Sev 2. Authorized user, successful action

  • Sev 0 or 1. System events

7.1.3 Understanding Managed Users

When you create or edit a policy, the Managed Events section allows you to specify the managed users for that policy. Managed users are allowed to make specific changes to the asset the policy monitors. When managed users make changes, the generated events appear as managed change events.

If you specify a user group as a managed user, as group membership changes, Change Guardian synchronizes policies with the new group members. For more information, see Understanding LDAP Settings.
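The two rules above, automatic severity (7.1.2) and managed users resolved through group membership (7.1.3), can be put together in a small classifier. The following is an added illustration written for this page, not Change Guardian's own code; the policy and event data model, the directory group table and the user names are all constructed for the example, and system events (listed on the page as severity 0 or 1) are given severity 1 by assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Set, Union

# Constructed stand-in for the directory groups that managed-user entries are
# resolved against (hypothetical group and account names, not real ones).
DIRECTORY_GROUPS: Dict[str, Set[str]] = {
    "AD-Admins": {"alice", "bob"},
    "Service-Accounts": {"svc_backup"},
}

SEVERITY_AUTOMATIC = "Automatic"


@dataclass(frozen=True)
class Policy:
    name: str
    managed_users: FrozenSet[str]                    # user names and/or group names
    severity: Union[str, int] = SEVERITY_AUTOMATIC   # constant 0-5, or Automatic
    event_contexts: Dict[str, str] = field(default_factory=dict)


@dataclass(frozen=True)
class ChangeEvent:
    actor: str
    succeeded: bool
    is_system: bool = False


def resolve_managed_users(policy: Policy, groups: Dict[str, Set[str]]) -> Set[str]:
    """Expand each managed-user entry: a group name becomes its current members,
    anything else is taken as an individual user name. Resolving at evaluation
    time is what keeps the policy in step with group membership changes."""
    resolved: Set[str] = set()
    for entry in policy.managed_users:
        resolved |= groups.get(entry, {entry})
    return resolved


def automatic_severity(authorized: bool, succeeded: bool, is_system: bool) -> int:
    """The severity ladder from the page: unauthorized+success 5,
    unauthorized+failure 4, authorized+failure 3, authorized+success 2.
    System events are listed as 0 or 1; this illustration uses 1 (assumption)."""
    if is_system:
        return 1
    if not authorized:
        return 5 if succeeded else 4
    return 2 if succeeded else 3


def evaluate(policy: Policy, event: ChangeEvent,
             groups: Dict[str, Set[str]] = DIRECTORY_GROUPS) -> dict:
    """Classify one change event against a policy: whether it is a managed
    change, the severity it carries, and the event contexts that tag it."""
    managed = (not event.is_system) and event.actor in resolve_managed_users(policy, groups)
    if policy.severity == SEVERITY_AUTOMATIC:
        severity = automatic_severity(managed, event.succeeded, event.is_system)
    else:
        severity = int(policy.severity)
    return {
        "policy": policy.name,
        "actor": event.actor,
        "managed": managed,
        "severity": severity,
        "contexts": dict(policy.event_contexts),
    }


if __name__ == "__main__":
    ou_policy = Policy(
        name="AD Object - OU modified",
        managed_users=frozenset({"AD-Admins", "svc_backup"}),
        event_contexts={"Risk": "High", "Control/Classification": "Change-Control"},
    )
    for ev in (ChangeEvent("alice", True), ChangeEvent("mallory", True),
               ChangeEvent("bob", False), ChangeEvent("mallory", False),
               ChangeEvent("system", True, is_system=True)):
        print(evaluate(ou_policy, ev))
```

Passing a different `groups` table to `evaluate` shows the synchronization point: once a user drops out of a managed group, the same change by that user is no longer a managed change and its severity rises accordingly.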

7.1.4 Understanding Event Context

When you create or edit a policy, use the Event Context section to categorize the policy and specify its purpose. Generated events include the event contexts you specify. You can select one or more of the following default event contexts:

  • Risk Domain. Select a specific value, or create your own.

  • Risk. Select a specific value, or create your own.

  • Sensitivity. Select a specific value, or create your own.

  • Regulation/Policy. Select a specific value, or create your own.

  • Control/Classification. Create your own user-defined value.

  • Response Window. Create your own user-defined value.

You can also create new event contexts with user-defined values.

7.1.5 Enabling a Policy Revision

You must submit policies to the Policy Repository before you can enable or assign policies, or make policies available to others. Before you can assign a policy revision to monitor computers or asset groups, you must enable it. You can enable a policy revision as follows:

  • When you submit the policy to the Policy Repository, after creating or editing it.

  • From the History tab of the selected module window, for an existing policy.

NOTE: After you enable a policy revision, you must assign the policy to computers or asset groups. If you update the enabled revision of a policy that is already assigned, Change Guardian automatically updates any monitored assets that have that policy with the new revision, but only when the agent requests it at the next heartbeat.

To enable a policy revision from a module window:

  1. In the left pane, select the policy.

  2. On the History tab, select the policy revision you want to enable.

  3. Click Enable.

7.1.6 Exporting and Importing Policies

Change Guardian allows you to export a policy to an .xml file. You can later import a valid, previously exported policy as a new policy. You can modify an imported policy to easily create a new policy with a similar definition.

You can export one policy at a time but import multiple policies at a time.

To export a policy:

  1. In the left pane of the Policy Editor window, navigate to the policy that you want to export.

  2. Right-click the policy and select Export.

To import a policy:

  1. From the Change Guardian Policy Editor menu window, click Settings > Import Policies.

  2. Select the required .xml file and click Open.