Use policy monitor questions to assess and manage risk in your network. Create and define specific risk questions about your network to assess or monitor risk that is based on the analysis of risk indicators.
In policy monitor, you can define policies, assess adherence to a policy, evaluate results of questions, and monitor new risks.
Default question templates are available help you to assess and monitor the risk on your network. You can use one of the default question templates as a basis for your own questions or you can create a new question. You can find the default question templates in the Group menu on the Policy Monitor page.
You can choose from the following list of risk indicators:
Network activity measures risk based on network communications that occurred in the past.
Configuration and topology measure risk that is based on possible communication and network connections.
Vulnerabilities measure risk that is based on your network configuration and vulnerability scan data that is collected from network assets.
Firewall rules measures risk based on the enforcement or absence of firewall rules that are applied across the network.
You can define tests that are based on the risk indicators, and then restrict the test results to filter the query for specific results or violations.
Security professionals create questions for assets or devices/rules to flag risks in their networks. The risk level for an asset or a device/rule is reported when a question is submitted to the policy monitor. You can approve results that are returned from assets or define how you want the system to respond to unapproved results.
Use policy monitor question results to assess risk for many security-risk scenarios such as the following scenarios:
Use of forbidden protocols to communicate.
Communication with forbidden networks or assets.
Firewall rules don't comply with corporate policy.
Systems prone to high-risk vulnerabilities because of their network configuration.