There are two types of conditions; a triggering condition and a non-triggering condition. A triggering condition is a condition that happens now. A non-triggering condition is a condition that has occurred in the past. In policies, triggering and non-triggering conditions can be combined when evaluating a current condition against past conditions (for example, correlating high severity events (triggering) with past configuration changes (non-triggering).
Click here to view the predefined conditions delivered with TrueSight Network Automation.
| |
|---|
All Compliance Violations Cleared Now | All configuration compliance violations on the current configurations have been cleared. |
All Discrepancies Cleared Now | All configuration discrepancies for the triggering device have been cleared. |
| A configuration change has been detected. |
| A configuration change was detected in the past 2 days. |
Compliance Violation Detected Now | A configuration compliance violation was detected based on one or more Rules on a device. |
| A potential configuration change has occurred on a device. |
Deploy to Active Request Failed Now | A user or policy-based Deploy to Active action for a device has failed. |
External Change Task Close Failure Now | The External Change Task Close task has failed. |
Hardware Change Detected Now | The system has detected a hardware change on a device (for example, new or removed board, flash, or memory chip.) |
| A configuration discrepancy has been detected. A discrepancy is a difference between the trusted production and the current device configuration. |
| A change in the OS version has occurred within the past two days. |
Remediate Request Failed Now | A user or policy remediation with a rule, rule set, or all assigned rules has failed for a device. |
| Received a high severity (0/1) event from a device. |
| Received multiple high severity (0/1) events in the past two days. |
Snapshot Request Failed Now | A user or policy-based configuration snapshot for a device failed. |
This topic describes how to add or edit conditions for use in a policy and shows some examples.
To add or edit policy conditions
- Open the Conditions page by clicking the Policies tab, and selecting Policies > Conditions.
- Perform one of the following actions:
- To add a new condition, click Add.
- To edit an existing condition, click Edit.
- To create a new condition by copying an existing condition, click Copy.
Enter or update information in the following fields:
The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.
- Click Save.
Editing examples
The following figures show the editing of two out-of-the-box conditions, a triggering condition and a non-triggering condition. Click each figure to enlarge.
- Severity (0/1) Now condition, a triggering condition which detects the receipt of a high severity event from any device
- Change Detected Past condition, a non-triggering condition
In a policy, a non-triggering condition is evaluated after a triggering condition is received. For example, Severity (0/1) Now AND Change Detected Past can be used to correlate the high severity event with a prior configuration change.
Viewing-the-conditions-listing