search cancel

Adjusting the behavior of the Internal Audit Sink Policy based on an audit detail code

book

Article ID: 42503

calendar_today

Updated On:

Products

STARTER PACK-7 CA Rapid App Security CA API Gateway

Issue/Introduction

The Internal Audit Sink Policy is responsible for transmitting audit records to external endpoints based on executed policy logic. It behaves like a published service policy or global policy fragment--Assertions can be used to further influence the behavior of a policy. For example: The Internal Audit Sink Policy can be configured to send audit records for requests that originate from one network to one endpoint. Alternatively, the policy can be configured to send audit records for requests from another network to a separate endpoint. Another comment example is to generate certain alerts or alarms for certain audit detail codes.

An administrator may wish to be notified if a particular endpoint is unavailable or if a certain assertion is falsified. In the primary example to be used in this article--an administrator wishes to be notified via email if one or more Threat Protection assertions are violated in policy.

Environment

Release:
Component: APIGTW

Resolution

The source policy is attached to this article.


This policy iterates through all of the audit detail messages in an audit record. Each individual audit detail message code is examined. A series of conditions are defined within the At least one assertion folder. These individual conditions are defined within the single All assertion folder. Each All folder allows an administrator to specify a conditional code via the Compare Expression assertion. It also allows an administrator to specify an action to execute when that code is encountered. The example above may do one of the following when a particular audit code is encountered:

  1. Send an email for code 7153
  2. Trigger an SNMP trap for code 9409
  3. Log a message via a preconfigured Log Sink for code 7238
  4. Transmit an HTTP GET against a published service for code 7204.

These codes and the assertions that are executed can be changed. This sample services as a baseline example for how to perform policy logic in the audit sink policy.


Attachments:

Attachments

1558722752726000042503_sktwi1f5rjvs16wlg.jpeg get_app
1558534491332TEC0000001461.zip get_app