Change Guardian stores the policies in the Change Guardian policy repository. You can assign policies to assets or asset groups.
After creating a policy, you can perform various activities such as clone a policy, assign the policy to an asset, and schedule policy monitoring. While working with policies, ensure that you follow the order specified below:
Submit a policy or make the policy available by cloning from a template
Enable the policy
Assign a policy revision to an asset or asset group
This section provides the following information:
Cloning a policy allows you to create a policy based on an existing policy and then make changes as required. By default, Change Guardian uses the latest revision of the selected policy when creating a clone. You can also select a specific policy revision.
Policy templates provide examples of best configured policies that you can reuse. Applying a policy template from the platform template library clones the policy into your active policy area. Edit the criteria to specify the assets and files to be monitored.
To clone from a template:
In Policy Editor, under the desired application, select the template you want to apply.
Specify the required information, and click Submit.
(Conditional) If you want to enable the policy immediately, select Enable this policy revision now.
NOTE:For more information about enabling a policy, see Enabling a Change Guardian Policy Revision.
If you add a policy to a policy set that contains multiple asset types, the policy applies only to the applicable assets. For example, if you apply a UNIX policy to a policy set that contains Windows and UNIX assets, the policy applies to UNIX assets only.
Use the Policy Set Manager to add, edit, or clone policy sets. To open Policy Set Manager, click Change Guardian > Policy Set Manager.
To assign a policy or policy set to an asset:
Click Change Guardian > Policy Assignment.
Select an asset or asset group, and click Assign Policies.
Select a policy set or policy, and click Apply.
NOTE:You cannot assign policies using Asset Groups for the following asset types: Azure AD, AWS for IAM, Dell EMC, Microsoft Exchange, Microsoft Office 365, and NetApp.
You can edit an existing policy or policy set from the way it was assigned. For example, if you want to add an event destination to a policy that was assigned using policy set, you can edit it in the policy set only. This also applies to group assignments.
When you change a policy, Change Guardian creates a new revision of that policy. Policy revisions allow you to keep and share work that is in progress. You can view all policy revisions and the version number of the currently enabled policy in Policy Editor. You can edit and enable a previous revision of a policy.
To enable an older revision:
Select the desired policy under the application name.
On the History tab, enable the required policy revision.
Assign the policy to assets or asset groups.
NOTE:If you update the revision of a policy that is already assigned, Change Guardian automatically updates all associated assets with the new revision of that policy.
Change Guardian allows you to export a policy to a .xml file. You can import that policy as a new policy. You can also modify an imported policy to create a new policy with a similar definition. You can export one policy at a time, however, you can import multiple policies at a time.
To export a policy:
In Policy Editor, navigate to the policy that you want to export.
Right-click the policy, and select Export.
To import a policy:
In Policy Editor, click Settings > Import Policies.
Select the required.xml file, and click Open.
When you create a policy, it automatically uses the default event destination. If you want to send event data to another destination, add an event destination to the policy or policy set. You can use the new event destination along with the default event destination or replace it. The updated event destination takes effect when the asset receives the updated policy information at the next heartbeat.
To assign event destinations to a policy:
In Policy Editor, click Change Guardian > Policy Assignment.
Select an asset or asset group, and click Assign Policies.
Select a policy set or policy, and click Advanced.
Select one or more event destinations to assign to the specified policy or policy set.
For information about creating event destinations, see Creating Event Destinations.
Change Guardian policies monitor assets and asset groups continuously. A monitoring schedule allows you to define specific times at which a policy or policy set monitors assets and asset groups. For example, you can suspend monitoring during scheduled maintenance times, which eliminates events generated as a result of the maintenance. When you assign a policy or policy set to an asset or asset group, you can attach a monitoring schedule.
To create a monitoring schedule, in Policy Editor, click Settings > Schedule Monitoring Time. You can set the following schedule during which you want to suspend monitoring: Mondays from 3-5 p.m. and Tuesdays from 4-6 p.m.