Event-Based Enforcement Service

The Event-Based Enforcement service manages enforcement actions in response to threat-event processing. When there is a suspicious user, this user could represent a common DOS attack or some other threat. When a threat is detected, Policy Manager performs enforcement operations as configured; for example, executing a dynamic authorization Dynamic authorization refers to the ability to make changes to a visitor account’s session while it is in progress. This might include disconnecting a session or updating some aspect of the authorization for the session. (DA) to disconnect a suspicious user from the network.To add an event-based enforcement service:

1. Navigate to Configuration > Services. The Services page appears. The Services page provides options to add, modify, and remove a service.

2. To add the service, click Add. The Add Services dialog appears.

3. From the Type drop-down list, select Event-based Enforcement (see Figure 1).

Figure 1  Specifying Event -Based Enforcement

4. Enter the name or label of the event-based enforcement service.

5. Enter the values for any other parameters, including service rules, required for this service.

Associating the Service with an Enforcement Policy

After you create the event-based enforcement service, you must associate the service with an enforcement policy. You can do this from the Services Add > Enforcement page.

1. When finished with the parameter settings on the Add Services > Service page, click Next.The Services > Enforcement page appears.

2. From the Services > Add > Enforcement page, you can either select an existing enforcement policy or create a new one.

Figure 2  Selecting the Ingress Events Enforcement Policy

3. From the Enforcement Policy drop-down list, select the appropriate Event Enforcement policy.

4. If you have not configured Event-type Enforcement policies, click Add New Enforcement Policy to create a new enforcement policy.

5. Specify the values for the remaining parameters as described in Table 1, then click Save.

Table 1: Service Enforcement Page Parameters

Parameter

Description

Use Cached Results

1. Select this check box to use cached roles and posture attributes from previous sessions.

Enforcement Policy

2. From the drop-down list, select the preconfigured enforcement policy. This is mandatory.

Enforcement Policy Details

Description

Displays additional information about the selected enforcement policy.

Default Profile

Displays a default profile applied by .

Rules Evaluation Algorithm

Shows first matched rule and return the role or select all matched rules and return a set of roles.