Configuring ESM policy run options

Article ID: 179437

Products

Control Compliance Suite Windows

Resolution

Every check in a CCS 9.0 ESM standard is mapped to an ESM policy. A CCS 9.0 ESM standard can be mapped to one or more ESM policies. Policy run options let you specify the data that the ESM data collector should collect for a given policy.

The default setting for all policies is "Do not run policy, collect data from last successful policy run." However, you can add exceptions to the default setting by adding an entry in the policy run settings for each policy that you want to customize. The ESM data collector executes a policy run on the basis of the policy run configuration.

You can configure the number of messages that you want the ESM data collector to fetch for each policy run. The Symantec.CSM.ESM.Integration.dll.config file contains the MaximumPolicyRunMessageCount parameter, where you can specify the value for the message count. The Symantec.CSM.ESM.Integration.dll.config file is located in the following location:

<Install_Directory>\CCS\Reporting and Analytics\DPS\Data Collectors\ESM

The default value is 3000.

The ESM data collector collects policy run data on the basis of the policy run configuration. The ESM data collector does not verify the agents and the modules in the policy run when it fetches the latest policy run data. The data collection job completes successfully even if the selected policy run does not contain the modules or the agents that you have specified. However, the result for the data collection job displays the corresponding errors if the policy run data is not present on the ESM manager.

The available modes for data collection are:

  • Collect data from the last policy run on the ESM Manager.

  • Run the ESM policy on the ESM manager and collect the policy run data.

  • Run the policy on the ESM manager only if the last policy run is older than <number of> days.

To configure policy run options

  • In the ESM - Manager panel of the Component Settings dialog box, click Configure policy run options.

    You can use the Configure Policy dialog box to add, modify, or remove an ESM policy.

To add or modify an ESM policy

  1. In the ESM Policy Configuration dialog box, click Add to add a policy configuration.

  2. In the Configure policy dialog box, in the Policy name text box, type the ESM policy name.

    ESM policy names are case sensitive.

  3. In the Policy run option area, click any one of the following options:

    • Click Do not run policy; collect data from the last successful policy run, if you want the ESM data collector to collect data from the last successful policy run without executing a new policy run.

    • Click Run policy before data collection, if you want the ESM data collector to execute a policy run on ESM agents and collect the latest data that is fetched by the ESM manager.

    • Click Run policy if data is older than <number of> days, if you want the ESM data collector to execute a policy run if the stored data is older than the number of days specified.

      The minimum value that you can specify is 1 day. The maximum value that you can specify is 65535 days.

      During data collection, the ESM data collector retrieves the timestamp of the last policy run of the selected agents for the modules that you specify. The ESM data collector then compares the most recent timestamp with the current time on the DPS computer. The ESM data collector imports the messages from the last policy run if the difference in the number of days is less than the value that you specify in the Run policy if data is older than <number of> days text box. The ESM data collector initiates a new policy run if the difference in the number of days is higher than the value that you specify. The ESM data collector then imports the policy run data to CCS 9.0.

      For example:

      Consider that the 'Security essentials W2K3MS v2.0' policy includes the 'Account Integrity' and 'Password Strength' modules. Consider the two agents: 'W2k3Server1-USA' and 'W2k3Server2-USA.' You have run all the modules of 'Security essentials W2K3MS v2.0' on both the agents on 28th September, 2008, at 11:00 a.m. Later, you fix certain violations and then run only the Password Strength module of 'Security essentials W2K3MS v2.0' policy on W2k3Server2-USA on the 29th September, 2008, at 01:00 p.m. You schedule a data collection job on the 30th September, 2008, at 11:00 a.m. to collect data for ESM agents W2k3Server1-USA and W2k3Server2-USA for the same policy and the modules. In CCS 9.0, you configure the ESM policy 'Security essentials W2K3MS v2.0' as 'Run policy if data is older than 1 days.'

      During data collection, ESM data collector retrieves the timestamp of the last policy run of the selected agents for all the selected modules. The following table displays the policy run timestamp for the 'Security essentials W2K3MS v2.0' policy on W2k3Server1-USA and W2k3Server2-USA agents.

      ESM agent       | ESM policy                      | ESM module        | Timestamp of the last policy run
      ----------------|---------------------------------|-------------------|---------------------------------
      W2k3Server1-USA | Security essentials W2K3MS v2.0 | Account Integrity | 28th September, 2008, 11:00 a.m.
      W2k3Server1-USA | Security essentials W2K3MS v2.0 | Password Strength | 28th September, 2008, 11:00 a.m.
      W2k3Server2-USA | Security essentials W2K3MS v2.0 | Account Integrity | 28th September, 2008, 11:00 a.m.
      W2k3Server2-USA | Security essentials W2K3MS v2.0 | Password Strength | 29th September, 2008, 01:00 p.m.


      The most recent timestamp of the values that the ESM data collector retrieves in this case is 29th September, 2008, 01:00 p.m. Assume that the data collection job is initiated as per its schedule. The ESM data collector compares the 29th September, 2008, 01:00 p.m. timestamp with the current timestamp on the DPS computer, which is 30th September, 2008, 11:00 a.m. Since the data is not older than 1 day, the ESM data collector imports the messages from the last policy run from all the ESM agents.

  4. Click OK and close.
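The "Run policy if data is older than <number of> days" rule from step 3, modeled as an added example (not Symantec's code) using the timestamps from the table above. The function names are hypothetical, and treating an age exactly equal to the threshold as "not older" is an assumption, since the article only describes the less-than and higher-than cases.

```python
from datetime import datetime, timedelta

# Last policy run per (agent, module), copied from the article's example table.
LAST_RUNS = {
    ("W2k3Server1-USA", "Account Integrity"): datetime(2008, 9, 28, 11, 0),
    ("W2k3Server1-USA", "Password Strength"): datetime(2008, 9, 28, 11, 0),
    ("W2k3Server2-USA", "Account Integrity"): datetime(2008, 9, 28, 11, 0),
    ("W2k3Server2-USA", "Password Strength"): datetime(2008, 9, 29, 13, 0),
}


def collector_decision(last_runs, now, max_age_days):
    """Model of the documented rule: only the MOST RECENT timestamp across
    all selected agents and modules is compared with the current time."""
    if not 1 <= max_age_days <= 65535:
        raise ValueError("value must be between 1 and 65535 days")
    newest = max(last_runs.values())
    # Assumption: an age exactly equal to the threshold counts as not older.
    if now - newest > timedelta(days=max_age_days):
        return "run_policy"
    return "import_last_run"


def stale_pairs(last_runs, now, max_age_days):
    """Agent/module pairs whose own data is older than the threshold,
    regardless of what the collector decides for the policy as a whole."""
    limit = timedelta(days=max_age_days)
    return sorted(pair for pair, ts in last_runs.items() if now - ts > limit)


if __name__ == "__main__":
    now = datetime(2008, 9, 30, 11, 0)  # scheduled data collection job
    print(collector_decision(LAST_RUNS, now, 1))
    for agent, module in stale_pairs(LAST_RUNS, now, 1):
        print("older than threshold:", agent, module)
```

With the article's dates, the collector imports the last run without a new policy run, although three of the four agent/module results are 48 hours old; a single recent module run on one agent is enough to keep the whole policy under the threshold.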

To delete an ESM policy

  1. In the ESM Policy Configuration dialog box, select the policy that you want to delete and then click Remove.

    You cannot delete a predefined policy.

  2. Click Yes on the message prompt that appears to confirm the deletion of the ESM policy.
