Creating Rules
Overview
Rule is the fundamental pillar of the Compliance configuration. The first and foremost step is to create Rules that are applicable and in-line with the organization policies. Rules can vary in their complexities and can be as simple as defining password complexities to checking if the switch port has been enabled or not on a device.
Motadata AIOps provides out-of-the-box (OOTB) rules for the CIS framework along with the flexibility to create custom rules that might applicable to organization(s). Each Rule has it's unique Rule ID that helps with its identification.
Navigation
Go to Menu. Select Settings After that, Go to Compliance and select Rules. The Compliance Rules screen is displayed.
Rules Screen
All the out-of-the-box Rules according to the CIS framework will be visible here. Users can view Rules details, edit and clone them. A new Custom Rule can also be created from this screen.
Below are the options will be visible on the screen :
| Field | Description |
|---|---|
| Rule ID | Unique numerical identifier for each Rule. |
| Rule | Name of the Rule. |
| Description | Description for the Rule. |
| Tag | Tags defined to the particular Rule. |
| Rule Type | Displays the type of the rule. |
| Actions | Users can only clone the default Rule(s). Actions you can perform on Custom Rule: - Edit: Edit the rule to change its properties. - Clone: Clone the rule and its properties. - Delete: Delete the rule. |
Create a Custom Rule
By default, Motadata AIOps provides out-of-the-box Rules. However, should the organizational needs arise, a user can create a custom rule by clicking on the Create Rule button.
There are two steps to create a Rule, user will need to first need to configure the Rule conditions and in the second step, user will need to define the name, description, severity, impact, and other such details. Let's look at creating a rule step-by step:
1. Audit & Remediation Properties
On the Audit & Remeditaion screen, user will need to enter the below details:
| Field | Description |
|---|---|
| Rule Check in | Click on Config File or CLI option depending on your rule requirement. |
| Rule Configuration | Select between Basic or Advanced. |
| Condition | Select the condition type using the dropdown. |
| Result Pattern | Enter the command or pattern to be matched in the config file. |
| Occurence | Use the dropdown to select the number of occurences Motadata AIOps should select of the Result Pattern from the config file. |
| Operation | If there are more than one rule in the Rule condition, a user can select the operation to be performed among them. Below is a gist for both the options: - OR operation will check the for either one of the rule. An AND operation will only select pattern matching both the conditions in the config file. |
Click on "+" icon to add another rule.
Remediation Action
Remediation Action will allow users to take corrective actions in case any defined rule is violated. Users can manually execute the Runbook if a rule is violated.
| Field | Description |
|---|---|
| Action to be taken | Select a runbook using the drop down to attach with the Rule. |
| Create Runbook | Create a Runbook on-the-fly to attach it to the Rule. |
Click Next once all parameters have been configured to proceed to the second step.
Click Reset to clear all fields and start afresh.
2. General Properties
In this next step, all the general details regarding the Rule will need to be entered. Below are the options displayed on the screen:
| Field | Description |
|---|---|
| Rule Name | Enter an appropriate name for the Rule. |
| Rule Description | Input an explaination for what the rule does. |
| Rule Severity | Click to assign the severity level to the rule. |
| Tags | Enter Tags to associate with the rule. |
| Rationale | Input the rationale behind implementing this rule. |
| Impact | Enter the impact of this rule, if violated. |
| Default Value | Enter the default value for the rule. |
| References | Enter any references for the rule, if any. |
| Additional Information | Enter any additional comments/information for the rule. |
Select Create Rule to create the rule. Select Reset to clear all fields and start afresh.