Policy Management

From Wiki

Policies allow you to create generalized rules about how you want systems in your environment configured (presumably secured to the latest critical patches). You may choose to prioritize certain groups for stricter policies for applications you consider higher risk. Policies allow you to define these rules, apply them to groups you create, then schedule scans to ensure that you're always aware of systems that do not comply with your policies.

Contents 1 Creating Policies 2 Applying Policies to Systems and Groups 3 Viewing by Policy Compliance 4 Remediation by Policy 5 Exporting Policies 6 Importing Policies 7 Emailing a Policy

Creating Policies

1. Open Ecora Patch Manager.

2. Go to Tools>Policy Management.

3. In the Policy Management windows click New.

4. Provide a Name and Description for the policy.

5. For every OS version to which this policy will apply, click in the checkbox.

6. Select the Applications tab.

7. For every software application to which this policy will apply, click in the checkbox.

8. Click on the Patches tab.

9. Click on plus signs to expand the tree by application to see patches.

10. For relevant patches, click in a radio button - Installed, Not Installed, Ignore. This controls which systems will be displayed in Policy view - only systems with patches that meet the criteria will show in the report.

For example, leaving a patch set to Ignore will display systems with the patch installed OR not installed.

11. Click on the Rules tab.

Tips: You do not have to define criteria on all three tabs. If you DO: the filtering queries combine as follows:

• for platforms - the relationship is OR;
• for applications - the relationship is AND;
• for patches - the relationship is AND.

Policies work like IF/THEN statements. IF the selection criteria is true, THEN the rule is checked for true/false to judge compliance.

12. Click on plus signs to expand the tree by application to see patches.

13. For relevant patches, click in a radio button - Must be Installed, Must Not be Installed, Ignore. This controls which systems will be considered compliant with the policy.

14. Click OK to close the policy editor.

15. Click OK to close the policy manager.

16. Click Yes' if you wish to apply the policy to systems or groups at this time.

Applying Policies to Systems and Groups

1. Choose Tools>Policies Selection from the menu.

2. Select a policy in the upper pane to be applied to a group in the lower pane.

Tips: If you have no policies defined, click on Policies Management and follow the policy creation instructions above. If you have no groups defined, click on System Management and follow the grouping instructions.

3. Select a group in the lower pane to which to apply the selected policy.

4. Click on the Attach Policy button to apply the selected policy to the selected group.

5. Click OK.

Viewing by Policy Compliance

1. Follow the instructions for creating and applying policies above.

2. Follow the instructions for scanning systems.

3. In the main interface window Views bar, select the Policy button.

4. Navigate the interface as usual, using the tabs to narrow your view.

Remediation by Policy

1. Follow the instructions for creating and applying policies above.

2. Follow the instructions for scanning systems.

3. In the main interface window Views bar, select the 'Policy button.

4. In the left pane, select the Policy tab.

5. Navigate to the Policy level of the tree and select the policy for which you want automatic remediation.

6. In the right pane, click in the checkbox for Remediation.

7. Click the Push button and follow the instructions for creating a push task.

Exporting Policies

1. Choose Tools>Policy Management from the menu.

2. Select the policy(ies) you wish to export.

3. Click the Export button to access a dialog in which to set the location.

4. Locate the directory in which to save the exported policy.

5. Click Save.

Importing Policies

1. Choose Tools>Policy Management from the menu.

2. Click the Import button.

3. Locate the directory in which an exported policy is saved.

4. Select the XML file containing a policy you wish to import.

5. Click Open.

6. Select the policy you wish to import.

7. Click Import.

Emailing a Policy

1. Choose Tools>Policy Management from the menu.

2. Select the policy(ies) you wish to email.

3. Click the Send to button to open the default email application.

4. Enter or select the recipients as you would in your email application.

5. Verify that the XML is attached.

6. Click Send.