Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Creating a Question That Tests for Rule Violations

Create a device/rules question in policy monitor to identify the rules in a device that violated a defined policy, or introduced risk into the network.

Policy monitor questions are evaluated in a top down manner. The order of policy monitor questions impacts the results.

  1. Click the Risks tab.

  2. On the navigation menu, click Policy Monitor.

  3. From the Actions menu, click New Device/Rules Question.

  4. In the What do you want to name this question field, type a name for the question.

  5. From the Importance Factor list, select the level of importance that you want to associate with this question.

  6. From the Which tests do you want to include in your question field, click the + icon beside the tests you want to include.

  7. In the Find Devices/Rules that field, configure the parameters for your tests.

    Configurable parameters are bold and underlined. Click each parameter to view the available options for your question.

  8. In the groups area, click the relevant check boxes to assign group membership to this question.

  9. Click Save Question.

Investigating Devices/rules That Allow Communication to the Internet

In policy monitor, device tests are used to identify, rules on a device that violate a defined policy, or changes that introduce risk into the environment.

Device tests are used to identify rules in a device that violate a defined policy or changes that introduce risk into the environment. From a network security perspective, it is important to know about changes to device rules. A common occurrence is when servers get unintentional access to the Internet because of firewall change on the network. JSA Risk Manager can monitor for rule changes on network devices by creating a policy monitor question based on the device rules.

Create a policy monitor question that checks what devices have access to the Internet.

  1. Click the Risks tab.

  2. On the navigation menu, click Policy Monitor.

  3. From the Actions menu, select New Devices/Rules Question.

  4. In the What type of data do you want to return?, click Devices/Rules.

  5. From the Importance Factor list, select the level of importance that you want to associate with your question.

  6. In the Which tests do you want to include in your question section, click the plus icon beside the test, allow connections to the Internet to add the test to your question.

  7. Click Save Question.

  8. Select the policy monitor question that you created for monitoring device rules.

  9. Click Submit Question.

  10. Review the results to see whether any rules allow access to the Internet.

  11. Monitor your protected assets by putting the policy monitor question into monitoring mode.