This article provides you with an overview, configuration procedure, and managing capabilities of entity enrichment policies to refine and ingest entities in the Resolution Intelligence Cloud.
With enrichment policies, define a set of rules to augment the incoming data (originating from Google Cloud, Amazon AWS, Microsoft Azure, and OpsRamp) with more comprehensive details derived from the pre-configured attributes, Functions, and tags, which in turn provide insightful data. The enrichment is driven by the conditions that you define while creating a policy. For example, an enrichment policy can be set for the asset model, the vendor, and the brand of a device, which are available as attributes in the policy.
You can enrich the following entities using Enrichment Policies:
- Users
- Networks
- IP addresses
- Hosts
- Domains
- Infrastructure and Peripherals
- Identities & access
- People & Organization
- Policy & Documentation
For more details on entities, refer to this article.
Configuring Enrichment Policies
User Permissions
The users with the following roles can create enrichment policies:
- Owner
- Global Admin
- Configuration Manager
To configure an Enrichment Policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - Click Create Enrichment Policy at the top right corner.
A new Enrichment Policy window opens. - Enter a title and description (optional) for the enrichment policy.
- Under Specify Enrichment Criteria section, construct the condition expression for the enrichment policy. Select a field and operator from the drop-down lists. For the value, select a value from the drop-down list or enter it manually, depending on the field type. The condition is used to determine the records to which the rule will apply.
A condition expression can consist of several phrases, joined by an And or Or. For each phrase, select a field, operator, and value. Click the button to add an additional row. Use the parentheses and And/Or options to join the phrases together to form a conditional expression. - Select the criticality as either Yes or No. Entities onboarded to the Resolution Intelligence Cloud will be assigned the criticality set here, provided the predefined conditions are satisfied
- (Optional) Under Assign tags section, add a key value pair(s) to categorize and organize the entities
- (Optional) Under Associate Functions section, add one or more functions to manage and contextualize resources related to each entity.
- (Optional) Under Meta Information section, check box next to the following types:
- IP address: provides additional context about the IP address, such as its geographical location, network details, and other relevant information.
- Location: allows the system to supplement the location information with accurate geographical coordinates, address details, and potentially additional contextual insights.
- Click Submit.
Your enriched policy will be listed in the Policies page.
Viewing an Enrichment Policy
To view an enrichment policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - Review this information:
-
- Name: The name of the enrichment policy.
- Description: A brief description of the enrichment policy.
- Filters: The filter conditions that determine when the policy should be applied.
- Criticality: The criticality level set by the policy. If entities meet the specified conditions, this criticality will be applied to them.
- Tags: Tags to be assigned to entities that meet the specified conditions.
- Functions: Functions to be assigned to entities that meet the specified conditions.
- Created Time: The date and time when the enrichment policy was created.
- Created By: The user who created the enrichment policy.
- Updated Time: The date and time when the enrichment policy was last updated.
- Updated By: The user who last updated the enrichment policy.
5. In the policy listing page, click the desired policy, or scroll right and click the ellipsis icon .
A drop-down list opens.
6. Click View to open the enrichment policy you want to view.
Applying an Enrichment Policy to Entities
To apply enrichment policies immediately, select the Run Now option. This instantly runs the policies, enriching entities without waiting for the scheduled execution. If you choose not to apply the policies manually, the system will automatically apply them daily using the scheduler.
To run enrichment policy:
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - In the policy listing page, scroll right and click the ellipsis icon .
A drop-down list opens. - Click Run Now to apply the enrichment policy to entities.
Editing an Enrichment Policy
To edit an enrichment policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - In the policy listing page, scroll right and click the ellipsis icon .
A drop-down list opens. - Click Edit.
An editing window opens. - Edit the desired fields in the form.
- Click Update to save the changes.
Deleting an Enrichment Policy
To delete an enrichment policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - In the policy listing page, scroll right and click the ellipsis icon .
A drop-down list opens. - Click Delete. (Or)
- Check box next to each policy that you would prefer to remove.
- Click Delete.
The enrichment policy will be removed from the listing page.
Comments
0 comments
Please sign in to leave a comment.