Evaluation Of Results from Policy Monitor Questions
You can evaluate the results that are returned from a policy monitor question in JSA Risk Manager.
Approving a result of a question is similar to tuning your system to inform JSA Risk Manager that the asset that is associated with the question result is safe or can be ignored in the future.
When a user approves an asset result, the policy monitor sees that asset result as approved, and when the policy monitor question is submitted or monitored in the future, the asset is not listed in the question results. The approved asset does not display in the results list for the question unless the approval is revoked. The policy monitor records the user, IP address of the device, reason for approval, the applicable Device/Rule, and the date and time.
Policy monitor results that are approved are not returned from policy monitor questions. Approve results to policy monitor questions that don't represent risk in your network.
- In the results table, select the check box next to the results you want to accept.
- Choose one of the following options:
Select this option to approve all the results.
Select the check box next to the results that you want to approve, and then click Approve Selected.
- Type the reason for approval.
- Click OK.
- Click OK.
- To view the approved results for the question, click View Approved.
The Approved Question Results window provides the following information:
Table 1: Approved Question Results Parameters
The device that is associated with this result in Device/Rule Results.
The IP address that is associated with the asset in Asset Results.
The user that approved the results.
The date and time the results were approved.
Displays the text of the notes that are associated with this result and the reason why the question was approved.
If you want to remove approvals for any result, select the check box for each result for which you want to remove approval and click Revoke Selected. To remove all approvals, click Revoke All.