Rule Review Page
Each review created has its own unique page.
The rule review page displays all information related to the selected ticket, and only that ticket. From this page, you can manage all aspects of the rule review process.
Clicking any linked text on the Review page will open a new tab linked to its page in Security Manager.
Number | Value | Description |
---|---|---|
1 | Review ID | The system generated review ticket number. |
2 | Rule | An overview of the review: Rule - Policy - Device. |
3 | Actions | Actions to take on the review. |
4 | Status Box | Overview of review assignment details. |
Value | Description |
---|---|
Rule Summary | Rule: The number the rule has in the firewall policy. Policy: The policy for the rule. Device: The device the rule is set for. |
Source / User Object | The IP address or addresses from which incoming firewall traffic is allowed. |
Destination | The IP address or addresses to which outgoing firewall traffic is allowed. |
Application Object / Service | Service: The protocol and port for the rule. Application: The layer 7 firewall application for the rule, such as Gmail™ or Dropbox™. |
Action / Security Profile | Action: The action the firewall is set to perform when the rule is used, which can be ACCEPT or DROP. Security Profile: The individual profile that has been applied to the rule. |
Cleanup | Hit Count: The number of times the rule has been used in the last 30 days (default). Last Used: The timestamp the rule was last used. Properties: Orange rule property labels. The possible rule property icons are Unused, Logging Disabled, Disabled, Shadowed, Expired, No Comment, Unused Objects, and Redundant. Policy Tags: Tags that are applied at the device level. They are normalized during a retrieval. They cannot be edited within Security Manager. |
Compliance | Failed Controls: The number of failed controls by severity assigned to the control at creation. Cumulative Severity: The combined total of the severity for each control failing this rule. Rule Risk Score: The ratio of vulnerabilities not exposed by this rule to total number of potential vulnerabilities, adjusted by Asset Value and effect multipliers. |
Change | Revision: The number of the latest revision. Date/Time: The timestamp of the revision. User: The user who saved the latest revision. |
Tags | User: These tags are applied to the rule by a user. |
Value | Description |
---|---|
Rule Decision | The rule review-related information. Certify (approve) or Decertify (change) |
Rule Actions | Decertify: remove or modify rule |
Remarks | Any comments left as to the decision made. |
Next Review Date | When a rule is certified, sets the date of the next review of the rule. |
Value | Description |
---|---|
Analysis | Information about the rule which could support rule removal. |
Details | Rule Documentation |
Comments | Any comments for the rule. |
Attachments | Any files related to the rule. |
Task History | Any actions performed on a rule are tracked. Consider this feature to be an audit trail for the rule. No action is needed by the user; this is an automatic process. |
Review History | Any reviews performed on a rule are tracked. Consider this feature to be an audit trail for the rule. No action is needed by the user; this is an automatic process. |