Policies
With SIFF collecting your organization configuration it is now possible to analyze the configs to ensure best practices, prevent known configuration issues, and detect policy violations.
Policy Definitions provide a way to:
- Define what configuration the policy applies to by specifying the set of service definitions and resources.
- Specify the Policy Type and the associated rules/conditions
- Set the scope of the policy to apply to all matching elements or only elements within specific Collections.
- Optionally associate Policy Actions that are triggered when a violation occurs
Policy Types
- Examine config: alert on invalid configurations, or alert when out of compliance.
- Compare config - same device: ensure different resources on the same device have matching configuration, for example the startup configuration matches the running configuration on a router.
- Compare config - on different devices: ensure configuration is the same across devices.
- Compare config - to previous config: ensure the configuration hasn't changed.
Policy Actions
By default enabled policies with anaylze the current set of config to find violations and tag the corresponding change and config entries. When new config changes come in they are also anaylzed and tagged if a violation is seen.
In addition Actions can be defined and also triggered on violation when config changes come in. The types of actions provided are:
- Email: Send an email notification
- HTTP/S: GET or POST to a URL for external integration purposes
- Script: Run a script on the collector for external integration purposes
The Community
Similar to Service Definitions, Policies are also part of the SIFF community ecosystem and Policy Definitions can be shared to the community and community definitions installed. For more information on how this works refer to the Service Definitions page.
Policy Violations
When an change/config entry violates an active policy a violation marker (exclamation marker) is added to the entry header with a count of the number of violations. On expanding the entry the Violations field will list the policy and rule that was violated.
Searching for Violations
Use the Violations search category to search for violations by the Policy Definition name. Clicking on the Violations field name or the actual violation in a change/config entry can also be used to make a more specific search.
Creating Policy and Action Definitions
Refer to the Creating Policy Definitions guide for more information.