
Creating Rules

Overview

Rules are the fundamental pillar of the Compliance configuration. The first and foremost step is to create Rules that are applicable to and in line with the organization's policies. Rules vary in complexity and can range from something as simple as defining password complexity for devices to checking whether the switch port has been enabled on a device.

Similarly, a Rule can range from ensuring that the description of an interface has been correctly provided to checking whether the SNMP server community string is properly defined.

Motadata AIOps provides out-of-the-box (OOTB) rules for the CIS framework along with the flexibility to create custom rules that might be applicable to the organization(s). Each Rule has its own unique Rule ID that helps with its identification.

Go to Menu and select Settings. After that, go to Compliance Settings and select Rules. The Compliance Rules screen is displayed.

Rules Screen

All the out-of-the-box Rules according to the CIS framework will be visible here. Users can view Rule details, edit, clone, and delete (only Custom Rules). A new Custom Rule can also be created from this screen.

Below are the options that will be visible on the screen:

| Field | Description |
| --- | --- |
| Rule | Name of the Rule. |
| Description | Description for the Rule. |
| Tag | Tags assigned to the particular Rule. |
| Rule Type | Displays the type of the rule. |
| Actions | Users can only clone the default Rule(s). Actions you can perform on a Custom Rule: Edit (edit the rule to change its properties), Clone (clone the rule and its properties), Delete (delete the rule). |

Create a Custom Rule

By default, Motadata AIOps provides out-of-the-box Rules. However, should organizational needs arise, a user can create a custom rule by clicking on the Create Rule button.

There are two steps to create a Rule. The user first configures the Audit & Remediation Properties and, in the second step, defines general properties such as name, description, severity, impact, and other details. Let's look at creating a rule step by step:

1. Audit & Remediation Properties

On the Audit & Remediation screen, the user will need to enter the details mentioned below. Since the configuration options vary based on the Rule Check in type, let's look at each of them separately:

When creating a Rule using Config File, you are required to choose a Rule Configuration. Since the parameters differ based on the type of configuration, let's explore them one at a time:

The Basic Rule Configuration allows the user to define a Condition, a Result Pattern, and the Result Pattern's occurrence in the Config File and, based upon those parameters, set a Remediation Action.

| Field | Description |
| --- | --- |
| Rule Check in | Click on Config File. |
| Rule Configuration | Select the Basic option. |
| Condition | There are two condition options available. Should Not Contain: when chosen, Motadata AIOps will only apply the Rule to devices that do not contain the mentioned Result Pattern. Should Contain: when this option is selected, Motadata AIOps will only apply the Rule to devices that contain the mentioned Result Pattern. You can also add multiple conditions by clicking on |
| Result Pattern | Enter the command or string pattern to be matched in the config file. |
| Occurrence | Use the dropdown to select the number of occurrences of the Result Pattern that Motadata AIOps should select from the config file. |
| Operation | If there is more than one rule in the Rule condition, a user can select the operation to be performed among them. An OR operation will check for either one of the rules. An AND operation will only select patterns matching both conditions in the config file. |
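The way Condition, Result Pattern, Occurrence, and Operation combine in a Basic rule can be sketched as follows. This is an added example, not Motadata AIOps code: it assumes the Result Pattern is matched as a literal string within a config line and that Occurrence is the number of matching lines required. The sample configuration and all names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample device configuration, not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-sw-01
service password-encryption
snmp-server community public RO
snmp-server community n0c-ro-7f3a RO 10
interface GigabitEthernet0/1
 description uplink-to-core
interface GigabitEthernet0/2
 shutdown
"""

@dataclass(frozen=True)
class Condition:
    kind: str            # "should_contain" or "should_not_contain"
    result_pattern: str  # assumption: literal string matched within a line
    occurrence: int = 1  # assumption: number of matching lines required

def count_matches(pattern: str, config: str) -> int:
    """Count config lines that contain the literal Result Pattern."""
    return sum(1 for line in config.splitlines() if pattern in line)

def condition_holds(cond: Condition, config: str) -> bool:
    hits = count_matches(cond.result_pattern, config)
    if cond.kind == "should_contain":
        return hits >= cond.occurrence
    if cond.kind == "should_not_contain":
        return hits < cond.occurrence
    raise ValueError(f"unknown condition: {cond.kind!r}")

def rule_matches(conditions: list[Condition], operation: str, config: str) -> bool:
    """Combine the per-condition results with the selected Operation."""
    results = [condition_holds(c, config) for c in conditions]
    if operation == "AND":
        return all(results)
    if operation == "OR":
        return any(results)
    raise ValueError(f"unknown operation: {operation!r}")

# Constructed conditions: no default SNMP community, passwords encrypted.
NO_DEFAULT_COMMUNITY = Condition("should_not_contain", "snmp-server community public")
PASSWORDS_ENCRYPTED = Condition("should_contain", "service password-encryption")

if __name__ == "__main__":
    rule = [NO_DEFAULT_COMMUNITY, PASSWORDS_ENCRYPTED]
    print("AND:", rule_matches(rule, "AND", SAMPLE_CONFIG))
    print("OR: ", rule_matches(rule, "OR", SAMPLE_CONFIG))
```

With the sample configuration, the AND combination fails because the `public` community line is present, while the OR combination succeeds on the password-encryption line alone.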

Remediation Action

Remediation Action will allow users to take corrective actions in case any defined rule is violated. Users can manually execute the Runbook if a rule is violated.

| Field | Description |
| --- | --- |
| Action to be taken | Select a runbook using the drop down to attach with the Rule. |
| Create Runbook | Create a Runbook on-the-fly to attach it to the Rule. |

Click Next once all parameters have been configured to proceed to the second step.

Click Reset to clear all fields and start afresh.

2. General Properties

In this next step, all the general details regarding the Rule will need to be entered. Below are the options displayed on the screen:

| Field | Description |
| --- | --- |
| Rule Name | Enter a unique and descriptive name for the Rule to help you easily identify it. |
| Rule Description | Enter a brief explanation of the Rule's purpose, which can help clarify the rule's intent. |
| Rule Severity | There are five severity levels that can be assigned to a Rule. Critical: immediate attention needed to prevent major disruptions or security breaches. High: serious risk that requires prompt remediation to avoid significant issues. Medium: moderate risk with a potential impact on system performance or security. Low: minor issues that contribute to overall improvement but are not urgent. Info: informational, serving as a guideline or best practice with no direct impact. |
| Tags | Define a tag for the Rule to categorize or group it with similar rules. |
| Rationale | Enter a justification for the rule that explains the importance of the rule for maintaining compliance. |
| Impact | Mention the consequence on the system if the rule is violated. Typically, this information is derived from compliance frameworks (CIS, PCI, SOX). |
| Default Value | Enter the default values applicable for the rule. |
| References | Provide documents, links, or guidelines from compliance frameworks or other source material here. |
| Additional Information | Mention any supplementary details necessary for understanding or implementing the rule in this field. |

Select Create Rule to create the rule.

Select Reset to clear all fields and start afresh.