Policy Monitor Question Parameters
SUMMARY You can define test questions to identify risk in network devices or rules on network devices.
Generic and Test-specific Parameters for Policy Monitor Tests
You configure parameters for each Policy Monitor test. Configurable parameters are bolded and underlined. You click a parameter to view the available options for your question.
Policy Monitor tests use two types of parameters: generic and test-specific. Generic parameters provide two or more options to customize a test. Clicking a generic parameter toggles the choices that are available. Test-specific parameters require user input. You click test-specific parameters to specify information.
For example, the asset test that is called "have accepted communication to destination remote network locations" contains two generic parameters and one test-specific parameter. Click the generic parameter "have accepted" to select either "have accepted" or "have rejected". Click the generic parameter "to destination" to select either "to destination" or "from source". Click the test-specific parameter "remote network locations" to add a remote location for the asset test.
Test Questions for Assets
Asset questions are used to identify assets on the network that violate a defined policy or introduce risk into the environment.
Asset test questions are categorized by communication type: actual or possible. Both communication types use contributing and restrictive tests.
Actual communication includes any assets on which communications were detected by using connections. Possible communication questions allow review for cases when specific communications are possible on assets, regardless of whether or not a communication was detected.
A contributing test question is the base test question that defines what type of actual communication you are trying to test.
A restrictive test question restricts the test results from the contributing test to further filter the actual communication for specific violations.
When you use a restrictive test, the direction of the restrictive test can follow the same direction as the contributing test. Restrictive tests that use a mix of inbound and outbound directions can be used in situations where you are trying to locate assets in between two points. For example, a restrictive test can locate assets in between two networks or IP addresses.
Inbound refers to a test that is filtering the connections for which the asset in question is a destination. Outbound refers to a test that is filtering connections for which the asset in question is a source.
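The following is an added example, not product code: a simplified Python model of how a contributing test and a restrictive test with mixed directions combine to locate assets that sit between two networks. The connection records, network ranges, and function names are constructed for illustration, and treating a restrictive test as a set intersection is an assumption of this model.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

class Conn(NamedTuple):
    src: str
    dst: str
    accepted: bool

# Constructed sample connections (documentation and RFC 1918 address ranges).
CONNECTIONS = [
    Conn("192.0.2.10", "10.1.0.5", True),   # external -> 10.1.0.5, accepted
    Conn("10.1.0.5", "10.2.0.20", True),    # 10.1.0.5 -> database network
    Conn("10.1.0.6", "10.2.0.20", True),    # reaches database, nothing inbound
    Conn("192.0.2.11", "10.1.0.7", False),  # external -> 10.1.0.7, rejected
    Conn("10.1.0.7", "10.2.0.21", True),    # 10.1.0.7 -> database network
    Conn("192.0.2.12", "10.1.0.8", True),   # inbound only, never reaches database
]

def assets_matching(conns, direction, network, accepted=True):
    """Assets with accepted (or rejected) communication with `network`."""
    net = ip_network(network)
    assets = set()
    for c in conns:
        if c.accepted != accepted:
            continue
        # Outbound: the asset in question is the source of the connection.
        if direction == "outbound" and ip_address(c.dst) in net:
            assets.add(c.src)
        # Inbound: the asset in question is the destination of the connection.
        elif direction == "inbound" and ip_address(c.src) in net:
            assets.add(c.dst)
    return assets

def run_question(conns, contributing, restrictive=()):
    """Apply one contributing test, then narrow it with each restrictive test."""
    result = assets_matching(conns, *contributing)
    for test in restrictive:
        # Assumption of this model: a restrictive test intersects the result set.
        result &= assets_matching(conns, *test)
    return result

# Contributing: have accepted communication to destination 10.2.0.0/16 (outbound).
# Restrictive:  have accepted communication from source 192.0.2.0/24 (inbound).
BETWEEN = run_question(CONNECTIONS, ("outbound", "10.2.0.0/16"),
                       [("inbound", "192.0.2.0/24")])
```

Only 10.1.0.5 both accepts traffic from the external range and talks to the database network, so it is the single asset returned; 10.1.0.7 drops out because its inbound connection was rejected.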
Test Questions for Devices and Rules
Device and rule questions are used to identify rules in a device that violate a defined policy and can introduce risk into the environment.
For a detailed list of device rule questions, see Device/rules test questions.