Working with Managed Policies
Understand how managed policies are updated, and how to change subscription status and create modifiable copies.
Managed policies come in two types:
-
Tier 1 policies
-
Focus on information security-related events or changes
-
Are unsubscribed (disabled) by default for every instance of an application type
-
Provide administrator instructions on actions that should be taken
-
-
Tier 2 policies
-
Include information technology (IT)-related events, and information security events that may require context in order to be valuable. For example, a domain name that is unique to your organization may be needed.
-
Click the Name of the policy
-
Check the Description for instructions for what context needs to be added in order for the managed policy to generate alerts
-
Then copy the managed policy to a custom policy where you can make the changes
-
-
Are subscribed (enabled) by default
-
Generally need to be customized to provide context before enabling
-
To view details, configure, and copy managed policies:
- Select Configuration, Policy Management from the Navigation menu. If the Navigation Menu is not displayed, click the Navigation Menu icon to display it.
- Click the Managed tab.
- To enable a managed policy:
- To make a copy of a managed policy that you can modify as a custom policy alert: