How a rule for a policy type is processed
The processing of a rule for a policy type is a follows:
The
using_policy
clause finds the applicable policy, that is, the instance of the user-defined policy class (derived fromIM_POLICY
).
These class definitions describe the slots available in a policy class:MC_DATA_CLASS : POLICY ISA CORE_DATA DEFINES { name : STRING, key = yes, read_only = yes; description : STRING; enabled : INTEGER, default = 1; }; END MC_DATA_CLASS: IM_POLICY ISA POLICY DEFINES { active_timeframes : LIST_OF STRING; except_timeframes : LIST_OF STRING; selector_name : STRING; selector_class : STRING; selector_ecf : ECF EVENT; ordinal : INTEGER, default=0; }; END
- The
tf_active
calls evaluates timeframes for the policy. - The selector ECF selects the event to process.
- The actions implement the policy and the
opadd
call adds an entry to the operations log of the event.
Was this page helpful? Yes No
Submitting...
Thank you
Comments
Log in or register to comment.