4 Helpful Features for Centra Users - Policy Monitoring and More
Here's another batch of tips and tricks our customers love and find useful. In this post, we're talking about the ability to test your policy before you publish it, exporting incidents with specific tags, declutter Reveal maps and more. Enjoy and do send us your comments and suggestions.
1. Set agent enforcement state to monitoring
When you want to monitor any Agent’s policy prior to moving it to Enforcing, use the Set enforcement State feature to set the enforcement state to Monitoring. This will allow you to run your policy in Monitoring mode for any time of your choosing and when you are certain the policy is safe and doesn’t break anything in your network, you can set the state back to Enforcing and publish the policy. Note that the Network Log also supports this Monitoring mode – Any connection enforced (blocked) during Monitoring will be logged as Action = Will Be Blocked.
From the Agents UI select any Agent and click the Set enforcement state:
Set the state to Monitoring:
2. Export incidents by tags (instead of just by severity)
Centra allows you to export only incidents of your choice to Email, Slack or Syslog. This is useful when you want to avoid receiving too many incidents or when you want to receive incidents of a specific severity that are also of a specific tag.
In System Configuration select Exporters. To add exporting by tag, type the tag of your choice and then set an Alert rule that alerts every time the tag you selected is met in a flow.
3. Create multiple groups for the Reveal map
In addition to the Default ‘Environment,Application,Role’ grouping, you can add any grouping options of your choice for more granularity. In System Configuration select Reveal and Add any groupings of your choice.
4. Delete Reveal assets to make your Reveal maps less noisy
Here’s a hack that can help you reduce the noise in your Reveal maps. Simply click the Delete button on your keyboard and remove assets, groups of assets, flows etc. Don’t worry, this doesn’t actually delete the assets or groups. Just temporarily removes them from the map. A quick refresh will bring everything back.
Hope this was helpful! For questions or comments contact us here.
