This article provides you with an overview, configuration procedure, and managing capabilities of entity enrichment policies to refine and ingest entities in the Resolution Intelligence Cloud.
With enrichment policies, define a set of rules to augment the incoming data (originating from Google Cloud, Amazon AWS, Microsoft Azure, and OpsRamp) with more comprehensive details derived from the pre-configured attributes, Functions, and tags, which in turn provide insightful data. The enrichment is driven by the conditions that you define while creating a policy. For example, an enrichment policy can be set for the asset model, the vendor, and the brand of a device, which are available as attributes in the policy.
You can enrich the following entities using Enrichment Policies:
- Users
- Networks
- IP addresses
- Hosts
- Domains
- Infrastructure and Peripherals
- Identities & access
- People & Organization
- Policy & Documentation
For more details on entities, refer to this article.
Configuring Enrichment Policies
User Permissions
The users with the following roles can create enrichment policies:
- Owner
- Global Admin
- Configuration Manager
To configure an Enrichment Policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - Click Create Enrichment Policy at the top right corner.
A new Enrichment Policy window opens. - Enter a title and description (optional) for the enrichment policy.
- Under Specify Enrichment Criteria section, construct the condition expression for the enrichment policy. Select a field and operator from the drop-down lists. For the value, select a value from the drop-down list or enter it manually, depending on the field type. The condition is used to determine the records to which the rule will apply.
A condition expression can consist of several phrases, joined by an And or Or. For each phrase, select a field, operator, and value. Click the button to add an additional row. Use the parentheses and And/Or options to join the phrases together to form a conditional expression. - Select the criticality as either Yes or No. Entities onboarded to the Resolution Intelligence Cloud will be assigned the criticality set here, provided the predefined conditions are satisfied
- (Optional) Under Assign tags section, add a key value pair(s) to categorize and organize the entities
- (Optional) Under Associate Functions section, add one or more functions to manage and contextualize resources related to each entity.
- (Optional) Under Meta Information section, check box next to the following types:
- IP address: provides additional context about the IP address, such as its geographical location, network details, and other relevant information.
- Location: allows the system to supplement the location information with accurate geographical coordinates, address details, and potentially additional contextual insights.
- Click Submit.
Your enriched policy will be listed in the Policies page.
Viewing an Enrichment Policy
To view an enrichment policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - In the policy listing page, click the desired policy, or scroll right and click the ellipsis icon .
A drop-down list opens. - Click View to open your desired enrichment policy.
Editing an Enrichment Policy
To edit an enrichment policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - In the policy listing page, scroll right and click the ellipsis icon .
A drop-down list opens. - Click Edit.
An editing window opens. - Edit the desired fields in the form.
- Click Update to save the changes.
Deleting an Enrichment Policy
To delete an enrichment policy,
- Click the gear icon at the top (or) hover over the hamburger icon in the top left corner.
- In the bottom of the left menu, click Configurations.
- In the left menu, under Entities, click Enrichment Policies.
You will be navigated to the Enrichment Policies page. - In the policy listing page, scroll right and click the ellipsis icon .
A drop-down list opens. - Click Delete. (Or)
- Check box next to each policy that you would prefer to remove.
- Click Delete.
The enrichment policy will be removed from the listing page.
Comments
0 comments
Please sign in to leave a comment.