Action Rules
Many of the Compliance Policy actions contain Action Rules that include these components:
- Check Objects (Checks) - Check objects define the actual file, process, value, or condition that the Compliance component looks for.
  Multiple checks can be added to a single rule. A rule is considered successful if at least one of its checks succeeds.
- One of these Action options - What happens when a computer violates the rule:

| Action | Definition |
|---|---|
| Observe | Logs endpoint activity without further action. Users do not know that they are non-compliant. Non-compliant endpoints show in the Observe state in the Reporting tab. |
| Warn | Alerts the user about non-compliance and automatically does the specified Remediation steps. Sends a log entry to the administrator. |
| Restrict | Alerts the user about non-compliance and automatically does the specified Remediation steps. Sends a log entry to the administrator. Changes applicable policies to the restricted state after a pre-defined number of heartbeats (default = 5). Before this happens, the user is in the "about to be restricted" state. On the monitoring tab, the user is shown as pre-restricted. |

- One or more Remediation objects - A Remediation object runs a specified application or script to make the endpoint computer compliant. It can also send alert messages to users.
The Compliance component runs the rules. If it finds violations, it runs the steps for Remediation and does the Action in the rule.
Some Action Rules are included by default. You can add more rules for your environment.
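
The rule semantics above (a rule passes if any one check passes; Restrict takes effect only after a number of heartbeats) can be modeled in a few lines. This is an added illustration, not product code: the `ActionRule` class, the `simulate` function, the process names and the sample endpoints are all hypothetical. It assumes that the heartbeat count covers consecutive non-compliant heartbeats, that it resets when the endpoint becomes compliant, and that the restricted state begins on the heartbeat that reaches the threshold.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List

Endpoint = Dict[str, List[str]]        # constructed endpoint facts (running processes)
Check = Callable[[Endpoint], bool]     # hypothetical stand-in for a Check object


@dataclass
class ActionRule:
    name: str
    checks: List[Check]
    action: str                        # "Observe", "Warn" or "Restrict"
    restrict_after: int = 5            # heartbeats; 5 is the default given on the page

    def passes(self, endpoint: Endpoint) -> bool:
        # A rule is successful if at least one of its checks succeeds.
        return any(check(endpoint) for check in self.checks)


def simulate(rule: ActionRule, heartbeats: List[Endpoint]) -> List[str]:
    """Return the modeled endpoint state after each heartbeat."""
    if rule.action not in ("Observe", "Warn", "Restrict"):
        raise ValueError(f"unknown action: {rule.action}")
    states, violations = [], 0
    for endpoint in heartbeats:
        if rule.passes(endpoint):
            violations = 0             # assumption: the count resets once compliant
            states.append("compliant")
            continue
        violations += 1
        if rule.action == "Observe":
            states.append("observe")   # logged only; the user is not alerted
        elif rule.action == "Warn":
            states.append("warn")      # user alerted, remediation run, log entry sent
        elif violations >= rule.restrict_after:
            states.append("restricted")
        else:
            states.append("about to be restricted")
    return states


# Constructed sample: the rule passes if either anti-malware process is running.
av_rule = ActionRule(
    name="Anti-malware running",
    checks=[lambda e: "av_a.exe" in e["processes"],
            lambda e: "av_b.exe" in e["processes"]],
    action="Restrict",
)
ok, bad = {"processes": ["av_b.exe"]}, {"processes": ["explorer.exe"]}
timeline = simulate(av_rule, [ok] + [bad] * 5 + [ok])
```

Under these assumptions, an endpoint that violates a Restrict rule keeps its normal policies for four heartbeats, so the heartbeat interval and the threshold together determine how long a non-compliant endpoint remains unrestricted.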