Compliance Action Rules

Many of the Compliance Policy actions contain Action Rules that include these components:

Check Objects (Checks) - Check objects define the actual file, process, value, or condition that the Compliance Software Blade looks for.
One or more Remediation objects - A Remediation object runs a specified application or script to make the endpoint computer compliant. It can also send alert messages to users.

One of these Action options - What happens when a computer violates the rule:

Action	Definition
Observe	Log endpoint activity without further action. Users do not know that they are non-compliant. Non-compliant endpoints show in the Observe state in the Reporting tab.
Warn	Alerts the user about non-compliance and automatically does the specified remediation steps. Send a log entry to the administrator.
Restrict	Alerts the user about non-compliance and automatically does the specified remediation steps. Send a log entry to the administrator. Changes applicable polices to the restricted state after a pre-defined number of heartbeats (default =5). Before this happens, the user is in the about to be restricted state. On the monitoring tab, the user is shown as pre-restricted.

Action

Definition

Observe

Log endpoint activity without further action. Users do not know that they are non-compliant. Non-compliant endpoints show in the Observe state in the Reporting tab.

Warn

Alerts the user about non-compliance and automatically does the specified remediation steps.

Send a log entry to the administrator.

Restrict

Alerts the user about non-compliance and automatically does the specified remediation steps.

Send a log entry to the administrator.

Changes applicable polices to the restricted state after a pre-defined number of heartbeats (default =5). Before this happens, the user is in the about to be restricted state. On the monitoring tab, the user is shown as pre-restricted.

The Compliance Software Blade runs the rules. If it finds violations, it runs the steps for remediation and does the Action in the rule.

Some Action Rules are included by default. You can add more rules for your environment.

Basic Workflow for defining additional compliance rules:

In the Policy tab, right-click an action in the Actions column and select Edit Properties.
Click Create Rule to create new Action Rules as necessary:
1. In the Name field, enter the Action rule name.
2. Click Check to add Check objects to add to the Action rule.
3. Select an Action from the list.
4. Click the Remediation tab to add remediation objects to the rule. If the selected Action is Observe, the rule does not require a remediation object.
5. Optional: In the Comment field, enter a comment for the action rule.

Do these steps again to create additional Action rules as necessary.