Other Actions on Policies

Edit Policies

You can edit the configuration of both predefined and user-defined policies. For most policies, you can adjust both the Policy Definition parameters (policy conditions) and the Policy Action parameters. For Intrusion Detection Policies, you can only adjust the Policy Action parameters.

You can also edit the Policy Action parameters for multiple policies in a bulk action.

To edit a policy:

1. On the Policies window, select the checkbox next to the required policy.

2. In the Actions drop-down box, select Edit.

   

3. The Edit Policy window appears with the current configuration.

   

4. Adjust the Policy Definition parameters as needed.

   Note: You cannot edit the Source and Destination asset groups for Intrusion Detection System (IDS) events.

5. Click Next.

6. Adjust the Policy Actions parameters as needed.

7. Click Save.

   OT Security saves the policy with the new configuration.

To edit multiple policies (bulk process):

1. On the Policies window, select the checkbox next to two or more policies.

2. In the Bulk Actions drop-down box, select Edit.

   

3. The Bulk Edit window appears with the Policy Actions available for bulk editing.

   

4. Select the checkbox next to each of the parameters that you want to edit: Severity, Syslog, and Email Group.

   

5. Set each parameter as needed.

   Note: Information entered in the Bulk Edit window overrides any current content for the selected policies. If you select the checkbox next to a parameter but do not enter a selection, then the current values for that parameter are erased.

6. Click Save.

   OT Security saves the policies with the new configuration.

Duplicate Policies

You can create a new policy that is similar to an existing policy by duplicating the original policy and making the required adjustments. You can duplicate both predefined and user-defined policies (except for Intrusion Detection Policies).

To duplicate a policy:

1. On the Policies window, select the checkbox next to the required policy.

2. In the Actions drop-down box, select Duplicate.

   

3. The Duplicate Policy window appears with the current configuration and the name is set to the default "Copy of <Original Policy Name>".

   

4. Adjust the Policy Definition parameters as needed.

5. Click Next.

6. Adjust the Policy Actions parameters as needed.

7. Click Save.

   OT Security saves the policy with the new configuration.

Delete Policies

You can delete a policy from the system. You can delete both predefined and user-defined policies (except for Intrusion Detection Policies, which can't be deleted).

You can also delete multiple policies in a bulk action.

To delete a policy:

1. On the Policies window, select the checkbox next to the required policy.

2. In the Actions drop-down box, select Delete.

   

   A confirmation window appears.

3. Click Delete.

   OT Security deletes the policy from the system.

To delete multiple policies (bulk action):

1. On the Policies window, select the checkbox next to each of the required policies.

2. In the Bulk Actions drop-down box, select Delete.

   

   A confirmation window appears.

3. Click Delete.

   OT Security deletes the policies from the system.

Delete Policy Exclusions

If you want to delete an exclusion that has been applied to a particular policy, you can do so on the Policies window.

To delete a Policy Exclusion:

1. On the Policies window, select the required policy.

2. In the Actions drop-down box, select View.

   

   Note: Alternatively, you can access the Actions menu by right-clicking on the relevant Policy.

3. Click the Exclusions tab.

   

   A list of exclusions appears.

4. Select the policy exclusion you want to delete.

5. Click Delete.

   A confirmation window appears.

6. In the confirmation window, click Delete.

   OT Security deletes the exclusion from the system.