Creating a Content Insight Policy

CloudAdvisor uses content-based Insight Policies to automatically monitor content for specific match criteria including tags, file fingerprints, properties, and user interactions with that specific content and allows you to perform actions on the content found.

1. From the Home tab, select Discover > Insight Management.
2. In the tab menu bar, click Policies.
3. Click Add Insight Policy.
4. Select Content and click Continue.

5. In the Details tab, specify the following properties:

   Field Name	Description
   Name	A user-defined name for the Insight Policy. You can enter up to 64 ASCII characters.
   Status	Indicates whether the Insight Policy is enabled or disabled.
   Description	A user-defined description of the Insight Policy.

6. Click Continue.

7. In the Define Trigger tab, click in the search bar to define search criteria. You can create a search using one of two methods — manually typing textual search criteria directly into the search bar or building the search using the CloudAdvisor Search Builder. For more information, see Search Options.

8. Click Continue once you have added the search criteria.
9. Specify the VMs that you want to monitor with this Insight Policy:
   • Global (the default) allows you to monitor all VMs in the CloudAdvisor inventory.
   • Specific Targets allows you to identify specific VMs to which the policy applies. When you select this option, CloudAdvisor displays a list of all available VMs. Select (check) the check box next to each VM on which you want to use this Insight Policy.
10. Click Continue.

11. On the Choose Actions tab, click Add Action Now and select the action you want CloudAdvisor to take if the trigger condition fires.

    Options

    Action	Description
    Email	Send an email notification with a customized subject to a set of users. Email notifications will include any matches to the policy trigger, as well as the ability to click into the search results and activities relevant to the policy matches. If the Email settings are not configured, you will be prompted to configure those settings before continuing. For more information, see Defining Email Settings.
    Encrypt data using DataControl	If you have linked CloudAdvisor to one or more KeyControl clusters, this option lets you automatically encrypt the drives containing the sensitive data using the HyTrust DataControl Policy Agent. If an App Link does not already exist between CloudAdvisor and KeyControl, you will be prompted to configure one. For more information, see Linking CloudAdvisor with KeyControl.
    Label VM in CloudControl	If you have linked CloudAdvisor with one or more CloudControl servers, this option lets you add a CloudControl label to the VM. The list of available labels is retrieved from the selected CloudAdvisor server, so the CloudControl server must be accessible when you configure this action. If an App Link does not already exist between CloudAdvisor and CloudControl, you will be prompted to configure one. For more information, see Linking CloudAdvisor with CloudControl.
    Notify Slack	Send a notification to the default Slack channel, a specific Slack channel, or Slack user to inform the system administrator of an event that matches the policy criteria. If the Slack settings are not configured in the System Settings, you will be prompted to configure those settings before continuing. For moreinformation, see Defining Slack Notifier Settings.
    System Event	Log a system event at a specified severity level. System events will be generated when scanned content matches the search criteria. The system event message will indicate the number of new matches and details about the target.
    Tag VM(s)	Apply a VMware tag to a VM. Tags allow you to identify VMs that are in violation of the Insight Policy.

12. Click Continue.

13. Configure the selected action. The options available depend upon the action you selected in the previous step.

    Options

    Selected Action	Available Options
    All Actions	Status — Indicates whether the action is enabled or disabled. Disabled actions will be skipped even if the policy trigger fires.
    Email	To — A comma separated list of email addresses to which an email will be sent if the policy trigger fires. Subject — The subject line that CloudAdvisor should use for the email.
    Encrypt data using DataControl	KeyControl VM Set Identifier — If the VM is not already registered with KeyControl, this is the Cloud VM Set to which the VM will be assigned after the DataControl Policy Agent is installed. If the VM is already registered with KeyControl, this field is ignored and the VM will retain its current Cloud VM Set association. Service account — The Active Directory (AD) service account to use when logging into the VM if a specific user name and password are not specified. Username — The username to use when logging into the VM. This user account must have administration privileges on the VM. Password — The corresponding password for the VM user account. Reboot the VM — If this option is enabled and the DataControl Policy Agent is not already installed on the VM, the VM will be automatically rebooted after the DataControl Policy Agent installation finishes. If you do not enable this option, the DataControl Policy Agent will be installed and an alarm is generated in CloudAdvisor telling the admin that one or more actions are required before the data can be encrypted.
    Label VM in CloudControl	App Link — The CloudControl server to use when labeling the VM. Label — The CloudControl label that CloudAdvisor should apply to the VM. The list of available labels is retrieved from the selected CloudAdvisor server, so the CloudControl server must be accessible when you configure this action.
    Notify Slack	Slack Channel — Indicates the channel that will be used for the slack notification. This field accepts the following formats: #channel @username 'channel' If you do not enter a value in this field, the default Slack channel currently configured in the System Settings will be used. See Defining Slack Notifier Settings.
    System Event	Severity Type — The severity of the system alert to be generated. Levels (color): Emergency (red), Alert (red), Critical (orange), Error (orange), Warning (yellow), Notice (green), Informational (green).
    Tag VM(s)	VMware Tag — The VMware tag to apply to the VM. You can select an existing tag from this field or click + (Add) to create and apply a new VMware tag. If you create a new tag, you can specify the tag name, description, and category. CloudAdvisor then adds the new tag to the VMware vSphere server associated with the VM. Note: You can create as many new tags as you need, but you cannot create new tag categories. The categories must be defined in vSphere.

14. Click Create Now to add the action to the Insight Policy.
15. On the Choose Actions tab, review the actions assigned to the Insight Policy and make any desired additions or changes. When you are finished, click Close to save the Insight Policy.