
Admin Features

KanchanaAradhya edited this page Jan 7, 2019 · 30 revisions

PacBot Admin Features

Create Asset Group

Update Asset Group

Delete Asset Group

Rule\Policy Configuration

Rule Troubleshooting

Create Asset Group

To create a new asset group, follow the steps below.

Step 1:

Go to the Admin tab, click the Asset Group widget, then click Create Asset Group on your right.

Step 2:

Fill in the Group Details and click on Next

Step 3:

Select the Domains from the Domain Details and click on Next

Step 4:

Select the Targets from the Target Details and click on Next

Step 5:

In the Attribute Details, click CONFIG for the selected target type.

Step 6:

Configure the attributes for the target type and click the close (X) button.

Step 7:

Click on Submit to create the asset group

Update Asset Group

To update an asset group, follow the steps below.

Step 1:

Go to the Admin tab, click the Asset Group widget, then search for the asset group to update on your right. Click the drop-down in the Actions column and click EDIT.

Step 2:

Update the Group Details if needed and click on Next

Step 3:

Update the attribute details by adding/removing target types and by adding/removing attributes if needed. Click Update to update the asset group.

Delete Asset Group

To delete an asset group, follow the steps below.

Step 1:

Go to the Admin tab, click the Asset Group widget, then search for the asset group to delete on your right. Click the drop-down in the Actions column and click Delete.

Step 2:

Click DELETE on the confirmation page

Target Types

A target type is an actual entity for which PacBot collects data. Policy evaluations are done on top of the data collected for a target type. In AWS, each resource type is defined as a target type. You can also create a logical entity: for example, an API could be a target type, and you could create rules to measure compliance with some API policy.

Target Type Creation

To create a new target type, follow the steps below.

Step 1:

Go to the Admin tab, click the Target Type widget, then click CREATE TARGET TYPE on your right.

Step 2:

Fill in the Target Type details and click on Create

Policy

Policy Creation

To create a new policy, follow the steps below.

Step 1:

Go to the Admin tab, click the Policies widget, then click Create Policy on your right.

Step 2:

Enter the required details, then click Create. This generates a unique policy Id.

Rule Creation

Step 1:

Go to the Admin tab, click the Rules widget, then click CREATE RULES on your right.

Step 2:

Select the policy you created during policy creation.

Step 3:

After configuring the required data, select the Rule Type as federated rule and upload the jar that the maven install of your custom rule created under the target folder.

Step 4:

While entering the rule params, set ruleKey to the key defined in your rule class, severity to one of critical, high, medium or low, and ruleCategory to one of governance, security, costOptimization, etc. Also enter any rule-specific params, if they exist.

NOTE: a) Don't forget to configure the key params ruleKey, severity and ruleCategory, since they are required params.

b) Don't make typos when configuring these 3 params.

Step 5:

Enter the required fields, then click the CREATE button. This creates a unique RuleId.

Rule Invocation

Step 1:

Go to the Admin tab, click the Rules widget, then search for the RuleId you would like to invoke.

Click Actions and select Invoke.

Rule Troubleshooting

To verify that the rule was successfully created and triggered, follow the steps below.

Step 1:

Execute the query below and ensure the entry exists:

SELECT * FROM cf_RuleInstance A, cf_Policy B
WHERE A.policyId = B.policyId
  AND A.status = 'ENABLED'
  AND B.policyId = 'PacMan_TaggingRule_version-1'
  AND A.ruleId = 'PacMan_TaggingRule_version-1_Ec2TaggingRule_ec2'

NOTE: The ruleId and policyId in the above query are examples.

Step 2:

Go to Elasticsearch and query for frestats to confirm that the currently configured rule has been triggered.

Step 3:

Go to the compliance tab in PacBot, search for the rule you configured, and find the entry.
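
When the Step 1 query returns nothing, it does not say why. The following added example (not PacBot's own code) runs a diagnostic variant of that query that reports whether the rule is missing, not enabled, or pointing at a policy with no cf_Policy row. It assumes only the tables and columns named in the Step 1 query; the in-memory SQLite database, the sample rows and the 'DISABLED' status value are constructed for illustration.

```python
import sqlite3

# Uses only the tables and columns that appear in the Step 1 query.
# The "?" placeholder is SQLite's; other DB-API drivers may use "%s".
DIAGNOSE_SQL = """
SELECT A.ruleId, A.policyId, A.status,
       CASE WHEN B.policyId IS NULL                THEN 'policy row missing'
            WHEN COALESCE(A.status, '') <> 'ENABLED' THEN 'rule not enabled'
            ELSE 'ok' END AS finding
FROM cf_RuleInstance A
LEFT JOIN cf_Policy B ON A.policyId = B.policyId
WHERE A.ruleId = ?
"""

def diagnose_rule(conn, rule_id):
    """Return (ruleId, policyId, status, finding) rows for rule_id, or one
    'rule not created' row when cf_RuleInstance has no such ruleId."""
    rows = conn.execute(DIAGNOSE_SQL, (rule_id,)).fetchall()
    return rows or [(rule_id, None, None, "rule not created")]

def build_sample_db():
    """Constructed in-memory stand-in for the rule tables (sample data only)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE cf_Policy (policyId TEXT);
        CREATE TABLE cf_RuleInstance (ruleId TEXT, policyId TEXT, status TEXT);
        INSERT INTO cf_Policy VALUES ('PacMan_TaggingRule_version-1');
        INSERT INTO cf_RuleInstance VALUES
          ('PacMan_TaggingRule_version-1_Ec2TaggingRule_ec2',
           'PacMan_TaggingRule_version-1', 'ENABLED'),
          ('Sample_Disabled_Rule', 'PacMan_TaggingRule_version-1', 'DISABLED'),
          ('Sample_Orphan_Rule', 'Sample_Missing_Policy', 'ENABLED');
    """)
    return conn

if __name__ == "__main__":
    db = build_sample_db()
    for rid in ("PacMan_TaggingRule_version-1_Ec2TaggingRule_ec2",
                "Sample_Disabled_Rule", "Sample_Orphan_Rule", "Sample_Unknown_Rule"):
        for row in diagnose_rule(db, rid):
            print(row)
```

A finding other than 'ok' means the rule will not appear in the Step 1 result, so Steps 2 and 3 are not expected to show a trigger or a compliance entry for it.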
