Rule Documentation
The Rule Documentation page lists the default attributes that correspond to a rule or change documentation field in the database. Each attribute has a specific regular expression (regex), or pattern that uses JavaScript format. To document changes in your device administration tool, you enter a regular expression followed by a value for that attribute in the comments column of a rule. When Security Manager retrieves the policy, the values that you entered for each attribute are also retrieved and associated with the corresponding policy and rule in Security Manager. This process is called auto-documentation.
- This process takes rule comments (attribute names) and parses them through auto-documentation.
- The matched fields are rule metadata (rule documentation) which can be used in SIQL searches later using the p. notation or the filter bricks.
- Auto-documentation happens as part of every revision. You can add whatever devices you want, and subsequent changed revisions will run through any auto-documentation that exists.
In addition to the default rule documentation fields, you are able to create your own rule documentation field, and you can edit existing match patterns.
Permission Requirements
A user will need to be a member of a user group with the following minimum permissions granted:
-
Administration: Rule Documentation
-
Application
-
Administration
-
Security Manager
-
Open Rule Documentation
- To view a list of rule documentation fields, click System > Rule Documentation.
| Value | Description |
|---|---|
| Name | The name of the rule documentation attribute. |
| Match Pattern | The match pattern used. |
| Description | Description of the rule documentation attribute. |
| Display Input Type | Type of field: String (Text), String Array (List), Boolean, Integer, Date. Based on the selected type you will only be able to populate certain data types. This cannot be changed after the initial selection. |
| Status | Enabled or Disabled for use. |
| Include in Filters | Enabled or Disabled to be included in filters. |
| Inherit from Management Station | Enabled or Disabled for use. Managed devices can inherit rule documentation from the management station's rule documentation field values. |
|
Action menu. Options are to Edit or Enable/Disable the attribute. |
| Attribute Name | Default Match Pattern |
|---|---|
| Alert on Change | ALT:\s*(.[^;]*)\s*[;]* |
| Approver | APP:\s*(.[^;]*)\s*[;]* |
| Business Justification | jst:\s*(.[^;]*)\s*[;]* |
| Business Unit | bzu:\s*(.[^;]*)\s*[;]* |
| Change Control Number | ccn:\s*(.[^;]*)\s*[;]* |
| Create Date | cdt:\s*(.[^;]*)\s*[;]* |
| Customer | CST:\s*(.[^;]*)\s*[;]* |
| Expiration Date | exp:\s*(.[^;]*)\s*[;]* |
| Last Modified | MOD:\s*(.[^;]*)\s*[;]* |
| Next Review Date | NRD:\s*(.[^;]*)\s*[;]* |
| Owner | own:\s*(.[^;]*)\s*[;]* |
| Requestor | req:\s*(.[^;]*)\s*[;]* |
| Review Comment | RVCMT:\s*(.[^;]*)\s*[;]* |
| Review Date | RVDTE:\s*(.[^;]*)\s*[;]* |
| Review Decision | RVDEC:\s*(.[^;]*)\s*[;]* |
| Review User | RVUSR:\s*(.[^;]*)\s*[;]* |
| Verifier | VRF:\s*(.[^;]*)\s*[;]* |
There are rule documentation fields that do not require a match pattern.
-
External Ticket ID
-
Application Name
-
Ignore Behavior