Defining a basic condition

Basic conditions perform analyses on configuration objects. Using basic conditions, you can check for the presence, absence, or number of occurrences (the cardinality) of a configuration object. In addition, you can evaluate configuration object properties or component properties by comparing them with constant values or with other properties.

Basic conditions that analyze properties always consist of a left-hand side (LHS) operand, a comparison operator, and a right-hand side (RHS) operand. For example: ??TARGET.OS?? equals "Windows" (For the between operator, two RHS operands are required.) Certain types of cardinality conditions have only one operand and an operator, and do not have a right-hand side operand. For example: "File:/C/a.log" exists.

For a basic condition to be valid, the operands and operator must refer to the same data type, as discussed in Operand-data-types-and-operator-compatibility. Each condition returns a logical value of either TRUE or FALSE. Conditions can be combined, nested, or used in conditional structures or loops to create complex expressions for evaluation.

To define a basic condition

1. Within the basic condition line that you added (using the New Condition icon), click the Select (down arrow) icon of the LHS (left-hand side) field.
2. Define the LHS operand through the displayed selection box. The following table lists the top-level branches that appear in this selection box, and describes how you can use each of these branches to define the LHS operand.The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
   This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.
   ^{1 Certain types of server objects cannot be included as configuration objects in compliance rules. Such server objects cannot be selected from the tree-structure list of server objects and they do not appear in the list of configuration object types. These object types include various lists and containers of multiple server objects, as represented by top-level Live nodes such as Configuration, Extended Objects, and System Info.
   2 Loops are used in compliance rules but not in a discovery signature.}
   Your selection appears in the LHS operand field.
   • A configuration object appears as a string with the following syntax: "objectType:objectPath" (for example: "File:/C/a.log"). A property of the configuration object is appended to this string after a period (for example: "File:/C/a.log".size").

   • A component property appears as a string with delimiting pairs of question marks both before and after the property name (for example: ??PATH??). For a nested property, the typical syntax for the property string is ??propertySubclass.propertyName?? (for example: ??GROUP.GROUP ID??).

     Note

     If the field already contained a textual string, the new component property is inserted at the current cursor point or replaces selected text,but does not replace the full textual string.

3. In addition to, or instead of, defining the LHS operand through the selection box as described in step 2, you can edit or type directly into the LHS operand field. In this way, you can parameterize the configuration object path (for example: "File:??APP_DIR??/*.tmp"), or you can use the following wild cards in the configuration object path:The [confluence_table-plus] macro is a standalone macro and it cannot be used inline. Click on this message for details.
   This macro generates standalone content. As a consequence you need to make sure to use a syntax that separates your macro from the content before and after it so that it's on a line by itself. For example in XWiki Syntax 2.0+ this means having 2 newline characters (a.k.a line breaks) separating your macro from the content before and after it.
4. In the next drop-down box to the right, select a comparison operator (such as contains or equals). Only relevant operators are available:
   • For a configuration object, only cardinality operators are available — exists, does not exist, and the various count operators.
   • For a property, only those comparison operators that are relevant to the data type of the property specified in the LHS field are available for selection.
     For a full list of operators and the data types that support them, see Operand-data-types-and-operator-compatibility.

5. In the right-hand side (RHS) field, enter an operand in one of the following ways:

   Notes

   • No RHS operand is required for the exists and does not exist cardinality operators.
   • For certain Windows Security Setting policies, you must use the relevant pre-defined Windows value in the RHS field. For example, for  Security Settings\Local Policies\Audit Policy\Audit account logon events, compare the configuration object in the LHS field to an RHS value range of 0-3 (0=Audit No Auditing, 1=Audit Success, 2=Audit Failure, 3=Audit Success and Failure), rather than textual values.

   • Type in a configuration object property string, component property string, or a constant or parameterized value or range of values. How you specify a value, as well as what values are available, depends on your input in the LHS and operator fields.
   • Click the Select (down arrow) icon and select a configuration object property, a component property, or (within a loop) a loop variable property, as done in the LHS field.
6. Click Apply Condition Value at the end of the condition line to apply your changes to the condition (or, alternatively, leave the condition line by clicking outside of it).
   You can click Cancel Edit Operation to cancel any editing that you performed on the condition line as long as you have not yet applied your changes.