Important

   

Starting version 8.9.03, BMC Network Automation is renamed to TrueSight Network Automation. This space contains information about BMC Network Automation 8.9.02 and previous versions. For TrueSight Network Automation 8.9.03 and later releases, see the TrueSight Network Automation documentation.

Adding or editing conditions

There are two types of conditions; a triggering condition and a non-triggering condition. A triggering condition is a condition that happens now. A non-triggering condition is a condition that has occurred in the past. In policies, triggering and non-triggering conditions can be combined when evaluating a current condition against past conditions (for example, correlating high severity events (triggering) with past configuration changes (non-triggering).

  Click here to view the predefined conditions delivered with BMC Network Automation.

Condition Name

Description

All Compliance Violations Cleared Now

All configuration compliance violations on the current configurations have been cleared.

All Discrepancies Cleared Now

All configuration discrepancies for the triggering device have been cleared.

Change Detected Now

A configuration change has been detected.

Change Detected Past

A configuration change was detected in the past 2 days.

Compliance Violation Detected Now

A configuration compliance violation was detected based on one or more Rules on a device.

Config Change Now

A potential configuration change has occurred on a device.

Deploy to Active Request Failed Now

A user or policy-based Deploy to Active action for a device has failed.

External Change Task Close Failure Now The External Change Task Close task has failed.
Hardware Change Detected Now The system has detected a hardware change on a device (for example, new or removed board, flash, or memory chip.)

Discrepancy Detected Now

A configuration discrepancy has been detected. A discrepancy is a difference between the trusted production and the current device configuration.

OS Version Changed Past

A change in the OS version has occurred within the past two days.

Remediate Request Failed Now

A user or policy remediation with a rule, rule set, or all assigned rules has failed for a device.

Severity (0/1) Now

Received a high severity (0/1) event from a device.

Severity (0/1) Past

Received multiple high severity (0/1) events in the past two days.

Snapshot Request Failed Now

A user or policy-based configuration snapshot for a device failed.

This topic describes how to add or edit conditions for use in a policy and shows some examples.

To add or edit policy conditions

  1. Open the Conditions page by clicking the Policies tab, and selecting Policies > Conditions.

  2. Perform one of the following actions:

    Icon Action Description

    Add Add a new condition.
    Edit Edit an existing condition in the relevant row.
    Copy Create a new condition by copying and editing an existing condition in the relevant row.
  3. Enter or update information in the following fields:

    Field

    Description

    Name

    Specify a unique name for the condition. Up to 40 characters.

    Keyword

    Select a keyword for the condition to match. Select if triggering (now) or non-triggering (past) condition.

    Network Span

    Select the network span. When the network span is Entire Network, Realm or Group, you can use Filter Devices to further narrow which devices to include in the policy. Select the blank or empty network span when an operation (for example, delete a rule or add a role) is executed and the keyword matches an event whose target is not a network span (for example, the target is a user or a job). Select a non-blank network span to match events whose target is a device, group, or realm.

    Note:

    The Entire Network option appears only for the users who have the Full Rights network right. Only users with the Full Rights network right can then manage (edit, copy, and delete) a condition that is assigned to the entire network.

    Duration

    (Required, non-triggering condition only) Specify for duration for condition. For example, a condition stating a configuration change has been detected in past 48 hours would set the Keyword = Change Detected and Duration to Last 2 Day(s).

    Occurrence Count

    (Required, non-triggering condition only) Specify the number of times the keyword event must occur for the selected Network Span and Duration for the condition to be true.

  4. Click Save.

Editing examples

The following figures show the editing of two out-of-the-box conditions, a triggering condition and a non-triggering condition. Click each figure to enlarge.

  • Severity (0/1) Now condition, a triggering condition which detects the receipt of a high severity event from any device
  • Change Detected Past condition, a non-triggering condition

In a policy, a non-triggering condition is evaluated after a triggering condition is received. For example, Severity (0/1) Now AND Change Detected Past can be used to correlate the high severity event with a prior configuration change.

  

Related topic

Viewing the conditions listing

Was this page helpful? Yes No Submitting... Thank you

Comments