Configure a Policy Rule

Traps management service provides out-of-the-box protection for all registered endpoints with a default security policy for each type of platform. To fine-tune your security policy, you customize settings in a security profile and attach that profile to a policy rule. Each policy rule that you create must apply to one or more endpoints, endpoint groups, or Active Directory (AD) objects.
Traps discards any policy rules that do not match the endpoint platform. For example, if you create a rule for Mac endpoints but select an endpoint group containing both Windows and Mac endpoints, Traps applies the rule only to the Mac endpoints.
  1. From Traps management service, select SecurityPolicy Rules.
  2. Select the platform for which you want to create a new policy rule: Windows, macOS, Linux, or Android.
  3. Create a new policy rule.
  4. Select one or more endpoints, endpoint groups, or AD objects to which the rule applies.
    1. + Add host.
      tms-policy-rules-select-type.png
    2. Use the search field and endpoint filters to narrow the results:
      • Type—By default, Traps management service displays all Agent hostnames that match your search term and selected platform type. You can also narrow the results by:
        • Group—Select an endpoint group to which to apply the rule and modify, or Define Endpoint Groups. You can also use search to display endpoint groups that match your search term.
        • AD objectAD Computer, AD OU (organizational unit), AD User, or AD Group. To assign policy rules to AD objects, you must associate Traps management service with a Directory Sync Service instance. AD objects also require you to select a Domain and are available for Windows endpoints only.
        If you select Group or an AD object as the type, Traps management service displays all results that match the Type and your search term regardless of the platform you selected.
      • Domain—By default, Traps management service displays results for all domains. To see results for a specific domain, select one from the list. The Domain filter is not available if you also filtered by endpoint Group.
      You can also use a wildcard to search for endpoints or groups that match a partial name. Use ? to match any single character or * to match any string of characters. Traps management service filters the results to match your search term as you type.
    3. To add multiple endpoints or endpoint groups, + Add host again to return to the add endpoints dialog.
  5. Select the profile to use for each type of policy.
    policy-rules-assign-profile.png
    When there are no customized profiles available, Traps management service automatically selects the default policy.
  6. Save ( save-rule-icon.png ) the rule.
  7. Change the rule position, if needed, to order the rule relative to other rules.
    Traps evaluates rules from top to bottom. When Traps finds the first match it applies that rule as the active policy. Use one of the following methods to change the rule order:
    • Hover over the rule, select the anchor on the left, and drag the rule to a new place in the rule hierarchy.
      tms-policy-rules-drag-drop.png
    • Select the edit icon next to the policy rule, and then select Move Up to precede the rule below it or Move Down to follow the rule above.
      tms-policy-rule-move-up-down.png
  8. Next steps...
    Assess Security Events triggered by security profile rules.

Related Documentation