Space banner This version of the product is in limited support. However, the documentation is available for your convenience. You will not be able to leave comments.

Adding or editing conditions

There are two types of conditions; a triggering condition and a non-triggering condition. A triggering condition is a condition that happens now. A non-triggering condition is a condition that has occurred in the past. In policies, triggering and non-triggering conditions can be combined when evaluating a current condition against past conditions (for example, correlating high severity events (triggering) with past configuration changes (non-triggering).

Click here to view the predefined conditions delivered with TrueSight Network Automation.

Condition Name

Description

All Compliance Violations Cleared Now

All configuration compliance violations on the current configurations have been cleared.

All Discrepancies Cleared Now

All configuration discrepancies for the triggering device have been cleared.

Change Detected Now

A configuration change has been detected.

Change Detected Past

A configuration change was detected in the past 2 days.

Compliance Violation Detected Now

A configuration compliance violation was detected based on one or more Rules on a device.

Config Change Now

A potential configuration change has occurred on a device.

Deploy to Active Request Failed Now

A user or policy-based Deploy to Active action for a device has failed.

External Change Task Close Failure Now

The External Change Task Close task has failed.

Hardware Change Detected Now

The system has detected a hardware change on a device (for example, new or removed board, flash, or memory chip.)

Discrepancy Detected Now

A configuration discrepancy has been detected. A discrepancy is a difference between the trusted production and the current device configuration.

OS Version Changed Past

A change in the OS version has occurred within the past two days.

Remediate Request Failed Now

A user or policy remediation with a rule, rule set, or all assigned rules has failed for a device.

Severity (0/1) Now

Received a high severity (0/1) event from a device.

Severity (0/1) Past

Received multiple high severity (0/1) events in the past two days.

Snapshot Request Failed Now

A user or policy-based configuration snapshot for a device failed.

This topic describes how to add or edit conditions for use in a policy and shows some examples.

To add or edit policy conditions

  1. Open the Conditions page by clicking the Policies tab, and selecting Policies > Conditions.
  2. Perform one of the following actions:
    1. To add a new condition, click Add.
    2. To edit an existing condition, click Edit.
    3. To create a new condition by copying an existing condition, click Copy

  3. Enter or update information in the following fields:

  4. Click Save.

Editing examples

The following figures show the editing of two out-of-the-box conditions, a triggering condition and a non-triggering condition. Click each figure to enlarge.

  • Severity (0/1) Now condition, a triggering condition which detects the receipt of a high severity event from any device
  • Change Detected Past condition, a non-triggering condition

In a policy, a non-triggering condition is evaluated after a triggering condition is received. For example, Severity (0/1) Now AND Change Detected Past can be used to correlate the high severity event with a prior configuration change.

 EditNonTrigCond.pngEditTrigCond.png

Related topic

Viewing-the-conditions-listing

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*