Entity Enrichment Policies

  • Updated
Table of Contents:

This article provides you with an overview, configuration procedure, and managing capabilities of entity enrichment policies to refine and ingest entities in the Resolution Intelligence Cloud.

With enrichment policies, you can define a set of rules to augment incoming data (originating from Google Cloud, Amazon AWS, Microsoft Azure, and OpsRamp) with more comprehensive details derived from attributes such as criticality, functions, and tags, which in turn provide valuable insights. Additionally, you can add IP address and location as metadata to further enrich the entity. The enrichment process is driven by the conditions you define while creating the policy. For example, an enrichment policy can be set for the asset model, vendor, and brand of a device, which are available as attributes within the policy.

You can enrich the following entities using Enrichment Policies:

  • Users
  • Networks
  • IP addresses
  • Hosts
  • Domains
  • Infrastructure and Peripherals
  • Identities & access
  • People & Organization
  • Policy & Documentation

For more details on entities, refer to this article.

Creating Enrichment Policies

User Permissions

The users with the following roles can create enrichment policies:

  • Owner
  • Global Admin
  • Configuration Manager

To create an Enrichment Policy,

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. In the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, click Enrichment Policies.
    You will be navigated to the Enrichment Policies page.
  4. Click Create Enrichment Policy at the top right corner.
    A new Enrichment Policy window opens.
  5. Enter a title and description (optional) for the enrichment policy.
  6. Under Specify Enrichment Criteria section, construct the condition expression for the enrichment policy. Select a field and operator from the drop-down lists. For the value, select a value from the drop-down list or enter it manually, depending on the field type. The condition is used to determine the records to which the rule will apply.
    A condition expression can consist of several phrases, joined by an And or Or. For each phrase, select a field, operator, and value. Click the Picture3.png  button to add an additional row. Use the parentheses and And/Or options to join the phrases together to form a conditional expression.

7. Under the Choose Attributes to Enrich section, select the check box next to the following attributes:

    • Set Criticality: Choose either Yes or No. Entities will be assigned with the selected criticality, provided the predefined conditions are met.
    • Assign Tags: Select this check box to add key-value pairs for categorizing and organizing entities.
    • Associate Functions: Use this section to add one or more functions to manage and contextualize resources related to each entity.

8. Under the Choose Meta Information to Enrich section, select the check box next to the following types:

    • IP Address: Provides additional context about the IP address, including geographical location, network details, and other relevant information. If publicly available, IP information is fetched from ipinfo.io and displayed.
    • Location: Enhances location details with accurate geographical coordinates, address information, and additional contextual insights. 

9. Click Submit to create an enrichment policy. Your enriched policy will be listed in the Policies page.

Viewing an Enrichment Policy

To view an enrichment policy,

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. In the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, click Enrichment Policies.
    You will be navigated to the Enrichment Policies page.
  4. Review this information:
    • Name: The name of the enrichment policy.
    • Description: A brief description of the enrichment policy.
    • Filters: The filter conditions that determine when the policy should be applied.
    • Criticality: The criticality level set by the policy. If entities meet the specified conditions, this criticality will be applied to them.
    • Tags: Tags to be assigned to entities that meet the specified conditions.
    • Functions: Functions to be assigned to entities that meet the specified conditions.
    • Created Time: The date and time when the enrichment policy was created.
    • Created By: The user who created the enrichment policy.
    • Updated Time: The date and time when the enrichment policy was last updated.
    • Updated By: The user who last updated the enrichment policy.

5. In the policy listing page, click the desired policy, or scroll right and click the ellipsis icon Picture7.png.
A drop-down list opens.

6. Click View to open the enrichment policy you want to view. 

Applying an Enrichment Policy to Entities

To apply enrichment policies immediately, select the Run Now option. This instantly runs the policies, enriching entities without waiting for the scheduled execution. If you choose not to apply the policies manually, the system will automatically apply them daily using the scheduler.

To run enrichment policy:

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. In the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, click Enrichment Policies.
    You will be navigated to the Enrichment Policies page.
  4. In the policy listing page, scroll right and click the ellipsis icon Picture7.png.
    A drop-down list opens.
  5. Click Run Now to apply the enrichment policy to entities. 

Exporting enrichment policies

Use this procedure to export all enrichment policies from a tenant to a JSON file. This file can then be imported into a different tenant to upload all these enrichment policies at once.

To export enrichment policies:

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. At the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, select Enrichment Policies. You will be redirected to the Enrichment Policies page.
  4. Click Export to download all enrichment policies as a JSON file.

Editing an Enrichment Policy

To edit an enrichment policy,

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. In the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, click Enrichment Policies.
    You will be navigated to the Enrichment Policies page.
  4. In the policy listing page, scroll right and click the ellipsis icon Picture7.png.
    A drop-down list opens.
  5. Click Edit.
    An editing window opens.
  6. Edit the desired fields in the form.
  7. Click Update to save the changes.

Deleting an Enrichment Policy

To delete an enrichment policy,

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. In the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, click Enrichment Policies.
    You will be navigated to the Enrichment Policies page.
  4. In the policy listing page, scroll right and click the ellipsis icon Picture7.png.
    A drop-down list opens.
  5. Click Delete. (Or)
  6. Check box next to each policy that you would prefer to remove.
  7. Click Delete.
    The enrichment policy will be removed from the listing page.

Deactivating an Enrichment policy

To deactivate an enrichment policy:

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. In the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, click Enrichment Policies.
    You will be navigated to the Enrichment Policies page.
  4. On the Policy Listing page, scroll right and click the ellipsis icon.
    A drop-down list appears.
  5. Click Deactivate. A confirmation dialog box appears.
  6. Click Yes to deactivate the enrichment policy. Once deactivated, the policy status changes to Deactivated, and entities will no longer be enriched with the selected attributes, even if the conditions set in the policy are met.

You can activate a deactivated policy by clicking the ellipsis icon and selecting Activate. This updates the policy status from Deactivated to Active.

Viewing the history of enrichment policies

The History section includes both Activity and Run History. The Run History section lists all manual executions of the enrichment policy, while the Activity section logs all user actions related to the policy.

  1. Click the gear icon Picture1.png at the top (or) hover over the hamburger icon Picture2.png in the top left corner.
  2. In the bottom of the left menu, click Configurations.
  3. In the left menu, under Entities, click Enrichment Policies.
    You will be navigated to the Enrichment Policies page.
  4. On the Policy Listing page, scroll right and click the ellipsis icon.
  5. From the drop-down list, select History to open the History side sheet, which displays both Activity and Run History.
  6. Click All to view both Activity and Run History together.
  7. Click Activity to see the actions performed by the user on this enrichment policy.
  8. Click Run History to view the number of times the policy was manually executed and the user who triggered it.

Related articles

Comments

0 comments

Please sign in to leave a comment.