This article presents basic commands that are common to both Out-of-the-Box and custom policies, all of which are available within the Policy Box.
Please note that depending on the user's role and permissions, some actions might appear greyed out.
Enabling a policy means executing the detection and validation phases. In practice, it involves detecting matched items and managing exceptions, if there are any. After enabling a policy, tags for matched items and exceptions will appear in the Policy Box, and the full report will be populated with the detected matched items and set exceptions.
Remember that if you enable a policy but do not enable the remediation, no actions will be executed on the detected matched items.
Remediation refers to actively managing the Matched items with the goal of resolving them. In other words, it involves executing the associated workflow to address the detected issues.
You can configure an automated schedule for the remediation process or choose to trigger it manually.
To run the remediation manually from the policy box, click on “Run remediation”. A warning will appear before proceeding!
Discover what remediation is and how it works.
Set as public
This feature allows you to control whether your delegated operators will have access to this policy. It works in conjunction with the permission to access the playbooks. Once the delegated operator is granted permission to view the playbook dashboard, they will be able to see all the public policies within that playbook.
Please note that correctly delegating a playbook or a policy to an operator is a multi-step process.