A behavior-based Insight Policy watches activity thresholds for interactions with files across the entire ecosystem, a specific system, or specific file paths in a system and allows you to perform actions on the information found. Thresholds can be established with inclusion or exclusion criteria based on a specific user or a set of users.
Note: Behavior Insight Policies are only available in CloudAdvisor for Data. They are not supported in CloudAdvisor for Availability. For more information, see Licensing Requirements.
In the Insight Policy: Details page, specify the following properties:
Field Name | Description |
---|---|
Name | User-defined name of the Insight Policy. You can specify up to 64 ASCII characters. |
Status | Indicates if the Insight Policy is enabled or disabled. If you set the status to OFF, then the actions defined in the policy will never fire even if the trigger conditions are met. |
Description | Optional description of the Insight Policy. |
In the Define Trigger page, select an activity trigger type from the Watch for drop-down menu. The trigger options differ depending on which trigger type you select.
Select the activity trigger options. The following table describes the options available.
Content | Description |
---|---|
Monitored Time range selector | Allows you to focus on a desired time period to monitor. Click and drag the range selector handles in the range selector bar. |
Trigger Actions | Allows you to select how often actions are triggered. Options include Not more than once every Hour or Day Per User Per System. |
Activity Types (Unusual User Activity Behavior) | Allows you to select user activities to monitor including when users create, read, update, rename, or delete content. |
Activity Thresholds (Unusual Volume of Activity Behavior) | Allows you to specify activities that exceed a threshold in a specified time. Click the plus sign to add a new activity threshold. After an activity threshold has been added, it can be modified by clicking the edit button. Note: An Activity Threshold must be added to the trigger before continuing. The Threshold Crossing dialog allows you to specify the threshold for monitoring user activities. When you have finished defining the threshold crossing, click Apply to add the activity threshold. |
Users to Monitor | Allows you to identify all users or specific users to monitor. |
File Path Filter | Allows you to specify a file path to search. See Using the File Path Search Option. |
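The following added example is not CloudAdvisor code. It is a Python sketch of how the trigger options above combine for an Unusual Volume of Activity policy: an activity threshold over a time window, a user exclusion, a file path filter, and the "not more than once every hour per user per system" limit on actions. The policy values, user names, system name and record layout are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from fnmatch import fnmatch

# Hypothetical policy settings mirroring the trigger options in the table above.
POLICY = {
    "activity": "delete",             # activity type counted against the threshold
    "threshold": 3,                   # fire when more than this many events...
    "window": timedelta(minutes=10),  # ...fall inside this sliding time window
    "throttle": timedelta(hours=1),   # not more than once every hour per user per system
    "exclude_users": {"svc-backup"},  # exclusion criteria for Users to Monitor
    "path_filter": "/finance/*",      # File Path Filter (glob pattern, an assumption)
}

def evaluate(events, policy=POLICY):
    """Return (time, user, system, count) for each threshold crossing that fires."""
    recent, last_fired, fired = defaultdict(deque), {}, []
    for ts, user, system, activity, path in sorted(events):
        if activity != policy["activity"] or user in policy["exclude_users"]:
            continue
        if not fnmatch(path, policy["path_filter"]):
            continue
        key = (user, system)          # thresholds and throttling are per user per system
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > policy["window"]:
            q.popleft()               # drop events that fell out of the window
        if len(q) <= policy["threshold"]:
            continue
        if key in last_fired and ts - last_fired[key] < policy["throttle"]:
            continue                  # threshold crossed, but action is throttled
        last_fired[key] = ts
        fired.append((ts, user, system, len(q)))
    return fired

def sample_events():
    """Constructed sample records: (time, user, system, activity, path)."""
    t0 = datetime(2024, 1, 1, 9, 0)
    rec = lambda off, user, path: (t0 + off, user, "nas01", "delete", path)
    ev = [rec(timedelta(seconds=30 * i), "alice", f"/finance/q{i}.xlsx") for i in range(8)]
    ev += [rec(timedelta(hours=2, seconds=i), "alice", f"/finance/z{i}.xlsx") for i in range(4)]
    ev += [rec(timedelta(seconds=10 * i), "svc-backup", f"/finance/b{i}") for i in range(20)]
    ev += [rec(timedelta(minutes=i), "bob", f"/finance/r{i}.doc") for i in range(3)]
    ev += [rec(timedelta(seconds=i), "carol", f"/tmp/x{i}") for i in range(10)]
    return ev

if __name__ == "__main__":
    print(evaluate(sample_events()))
```

In the sample, only alice fires: once during the first burst and again two hours later after the throttle period has passed, while the excluded service account, the user below the threshold, and the activity outside the path filter produce nothing.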
On the Choose Actions tab, click Add Action Now and select the action you want CloudAdvisor to take if the trigger condition fires.
Action | Description |
---|---|
Create Snapshot | Have CloudAdvisor request that the associated virtualization manager create a snapshot for the targets. CloudAdvisor then uses the snapshot to create a DiscoveryPoint. The snapshot can be created with a lock that prevents the snapshot and its corresponding DiscoveryPoint from being deleted. For more information, see Snapshot Schedules and DiscoveryPoints. |
Disable AD User | Disable an Active Directory (AD) user account. Users in violation of the Insight Policy will be disabled on the AD server. If the Active Directory settings are not configured, you will be prompted to configure those settings before continuing. See Active Directory Tab. |
Send an email notification with a customized subject to a set of users. Email notifications will include any matches to the policy trigger, as well as the ability to click into the search results and activities relevant to the policy matches. If the Email settings are not configured, you will be prompted to configure those settings before continuing. For more information, see Defining Email Settings. |
|
Notify Slack | Send a notification to the default Slack channel, a specific Slack channel, or Slack user to inform the system administrator of an event that matches the policy criteria. If the Slack settings are not configured in the System Settings, you will be prompted to configure those settings before continuing. For more information, see Defining Slack Notifier Settings. |
System Event | Log a system event at a specified severity level. System events will be generated when scanned content matches the search criteria. The system event message will indicate the number of new matches and details about the target. |
Configure the selected action. The options available depend upon the action you selected in the previous step.
Selected Action | Available Options |
---|---|
All Actions | Status — Indicates whether the action is enabled or disabled. Disabled actions will be skipped even if the policy trigger fires. |
Create Snapshot | Lock — Indicates if the snapshot created will be locked or unlocked. A lock on a snapshot prevents the snapshot from being deleted so that you can inspect the snapshot or DiscoveryPoint. Unlocked snapshots will be deleted according to the retention period defined in the Snapshot Schedule. |
Disable AD User | Users in violation of the Insight Policy will be disabled on the AD server defined under Home > System > System Settings > Settings > Active Directory. The AD server and the CloudAdvisor Service Account must be configured before you can add this action to the Insight Policy. |
Notify Slack | Slack Channel — Indicates the channel that will be used for the Slack notification. This field accepts the following formats:
If you do not enter a value in this field, the default Slack channel currently configured in the System Settings will be used. See Defining Slack Notifier Settings. |
System Event | Severity Type — The severity of the system alert to be generated. Levels (color): Emergency (red), Alert (red), Critical (orange), Error (orange), Warning (yellow), Notice (green), Informational (green). |