From configuration to execution
Below is an overview of the main steps for managing and monitoring out-of-the-box policies:
1. Configuration
Configure your policy
For each policy, you can configure:
- the threshold
- the remediation settings (if available), including the scheduled recurrence (manual or automatic)
Remember that remediation can involve an alert, and/or an action, and/or an attestation.
2. Enablement
Enable the policy and the remediation
From the Policy Box, click on the toggles to:
- enable the policy
- enable the remediation
If you enable the policy but not the remediation, you will see the matched items, but neither alerts nor actions will be executed.
3. Delegation
Roles and permissions
After configuring a policy, you can delegate it to your operators. This step is optional and can be performed at any time.
Delegation is not available in the Essentials solution.
4. Detection and validation
Run the policy
In Step 1, you scheduled one of the following recurrences:
- Don't schedule (manual trigger only): if you selected this option, you can run the policy when you see fit
- Schedule recurrence: if you selected this option, the remediation will be executed automatically based on the configured recurrence (e.g., daily or monthly)
5. Remediation
Remediate matched items
Depending on the remediation settings, one of the following scenarios will apply:
- you (or the attestation recipient) receive the attestation via email
- the alert recipient receives an alert
- the remediation action is executed without any communication
6. Monitoring
Check everything is working
Open “Task notifications” by clicking the bell in the top menu panel to check your remediation executions. You can also find this under “ACTIONS” and then “Tasks progress”.
The “Actions” menu is not available in the Essentials solution.
Remember that remediation is applied to every single item. No bulk remediation is provided.
If you see the “In progress” tag, an attestation may be currently underway. Always check the timeout days.