Oracle® Adaptive Access Manager Administrator's Guide Release 10g (10.1.4.5) Part Number E12055-03 |
|
|
View PDF |
Grouping enables you to view and administer a collection of like items as a single group. Adaptive Risk Manager Online enables you to create groups for more efficient administration.
This chapter provides information on creating, editing, and importing and exporting groups.
This section describes how to add items to groups individually. Auto-population and bulk uploads directly in the database are also available as part of the custom installation and integration process.
This section describes how to create and edit user ID, location, and device groups.
To create a new group of user IDs
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and select User ID.
User groups do not support caching policy so it should be set to None.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
In the User Id box, type the user Id of a user member you want to add to the group, and then click Add.
The User ID appears in the list of Member Users.
To create a group of cities
On the Admin menu point to Groups, and then click Create Group.
The Create Groups page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and choose Cities.
Click in the Caching Policy box and select the caching policy you want.
Refer to "Caching Policy Options" for details about caching policy options.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
Click in the Country box and choose the country you want.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
Click in the State box and choose the state you want.
In the list of Available Cities, click the city you want to add, and then click Add.
On the Admin menu point to Groups, and then click Create Group.
In the Group Name box, type a unique name for the group.
The Create Group page appears.
Click in the Group Type box and choose States.
Click in the Caching Policy box and select the caching policy you want.
Refer to "Caching Policy Options" for details about caching policy options.
Generally the full cache setting gives the best performance.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
Click in the Country box and choose the country you want.
In the list of Available States, click the state you want to add, and then click Add.
To create a group of countries
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and choose Countries.
Click in the Caching Policy box and select the caching policy you want.
Refer to "Caching Policy Options" for details about caching policy options.
Generally the full cache setting gives the best performance.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
In the list of Available Countries, click the country you want to add, and then click Add.
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and choose IPs.
Click in the Caching Policy box and select the caching policy you want.
Refer to "Caching Policy Options" for details about caching policy options.
Generally the full cache setting gives the best performance.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
Type the IP address you want to include in the group, and then click Add.
To create a group of IP ranges
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and choose IP Ranges.
Click in the Caching Policy box and select the caching policy you want.
Refer to "Caching Policy Options" for details about caching policy options.
Generally the full cache setting gives the best performance.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
Select from the list of Available IP Ranges, click the IP range you want to add to the group and click Add.
If none exist you can create new IP ranges from the Admin menu.
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and choose Devices.
Click in the Caching Policy box and select the caching policy you want.
Refer to "Caching Policy Options" for details about caching policy options.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
To search for devices, enter search criteria to limit returns and click Submit Query.
Select any number of devices from the list of available devices and click Add.
To add a specific device to the group without running a query, click in the Device ID box at the bottom of the page, type the device ID and click Add.
An actions group is a set of responses that are triggered by a rule.
An alert group contains graded messages that can be triggered by a rule.
Action groups and alert groups are used as results within rules so that when a rule is triggered all of the actions or alerts within the groups are activated.
This section describes how to place a selection of actions into a group and how to configure/add alerts to a group.
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and choose Actions.
Action groups are always cached so Caching Policy should be set to Full Cache.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
In the list of Available Actions, click the action you want to add to the group, and then click Add.
To create an alert group
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and select Alerts.
Alert groups are always cached so Caching Policy should be set to Full Cache.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The name of the group you are editing is pre-selected in the list of Groups.
Click in the Alert Level box and select the alert level you want.
Click in the Alert Type box and select the alert type you want.
Type an alert message. In most cases this message should correspond to the rule that will be configured to activate it.
Click Add.
In addition to user, location, device, alert, and action groups, Adaptive Risk Manager Online enables you to create these group types:
ISP
ASN
Top Level Domains
Second Level Domains
Ip Carriers
Routing Type
Connection Type
Connection Speed
Generic Strings
Generic Integers
Generic Longs
To create a network, service provider, or system group
On the Admin menu point to Groups, and then click Create Group.
The Create Group page appears.
In the Group Name box, type a unique name for the group.
Click in the Group Type box and select the type you want.
Click in the Caching Policy box and select the caching policy you want.
Refer to "Caching Policy Options" for details about caching policy options.
Type any description and notes you want.
Click Create.
The Group Details page appears.
To change the group's name, type, or notes, see "Viewing Details about a Group".
Click Edit Group.
The Edit Groups page appears. The group you are editing is pre-selected.
In the String Value field, enter the value you want.
Click Add.
You can edit a group whenever you want.
On the Admin menu point to Groups, and then click Edit Groups.
The Edit Groups page appears.
To filter the list of groups, click in the Group Type box and select the type you want.
In the list of Groups, select the group you want to edit.
The Edit Group page appears and displays the options appropriate for the type of group you selected.
Add or delete members of the group as necessary.
For additional information, see "Creating a Group of Alerts or Actions".
You can update a group directly in the XML file. For example, you can perform a bulk update to a blacklisted IP group based on a monthly list of high risk IPs gained from a 3rd party service.
Export the group you want to update.
Open the XML and make the edits you want.
Import the group to either overwrite or append to the previous version.
You can use the Export and Import Groups commands to export and import a group as an XML file.
To export a group
On the Admin menu, point to Groups and click then click Export Groups.
The Export Groups page appears.
Enter search criteria and click Run Query to locate the group.
Click the check box next to each group you want to export.
Click Export in the lower right corner of the page.
Click OK to the confirmation.
The Open dialog box appears.
Click Save To Disk and then click OK.
The file is exported.
On the List Groups page, you can view a list of all groups, a list of groups of a certain type, or you can view just one group. The List Groups page provides access to the Group Details page and the Edit Group page for any group.
To view a list of all groups
On the Admin menu, point to Groups, and then click List Groups.
The List Groups page appears.
To display only the type of group you want to edit, select the type you want from the Group Type list and click Submit Query.
To find a specific group, in the Group Name box enter the name of the group and click Submit Query.
To edit a group in the list, click the wrench icon to the left of the group you want to edit.
To view the Details for a group, click the Group Name.
To delete a group, select the check box to the left of the group name and then click Delete.
If the group is currently linked to a rule you will not be allowed to delete it.
The Group Details page enables you to view or change details about a group.
To modify details about a group
On the Admin menu point to Groups, and then click List Groups.
The List Groups page appears.
Select the search criteria you want and click Submit Query.
Click a group name to view the details page for that group.
The Group Details page appears.
To change the group name, click in the Group Name box and type a new name and then click Save.
Groups offer two caching policy options: Full Cache or None.
The "Full Cache" option caches group contents in server memory for the lifetime of the server. Static lookup groups, read-only groups, are good candidates for the "Full Cache" option. Administrators need to be careful using this option as it uses server memory. A long list of elements can have an adverse affect since groups are re-cached if there are changes to the list.
The "None" Caching Policy option does not use cache and consults the database every time. Devices and USER ID groups are defaulted to "None" because in most cases, they are dynamic and manipulated while the server is running. If you have Devices and USER ID type groups that stay static for the lifetime of the server, you can use the "Full Cache" option instead of "None."