Install Arbitrator System
Policy Configuration Files
Policies are modular groupings of correlation rules, actions and response procedures that define how to respond to certain situations that happen on the monitored systems. Policies are usually system and manufacturer specific but can contain custom scripts for actions and response procedures. Each policy also contains several correlation rules that are designed to create Alerts based on the best practices of that particular system manufacturer.
The configuration files listed in the table below are installed at the end of the installation process. The purpose of each component is:
Controls
Controls are actions that the system can automate in place of user actions. They support data collection and analysis before the result is presented to an operational user as an alert, which helps reduce user input and provide information and actions faster.
Turn an alarm a different colour
Push alert to another system such as dashboard server or a correlation server
Auto acknowledge alarms
Email the alert to a destination
Create a ticket with ServiceNow
Pre-scripted action based on a response
Other options that can be developed are:
Use an API to send the data to another destination
Interact with another system
Run a script to collect additional information
Run a script with actions to change state or configuration
Probes
A probe is a script that is defined to poll a remote system to collect data from it. This is important if the data required cannot be streamed from a system to the Arbitrator to be ingested: the Arbitrator can instead collect the data remotely by periodic probing of the system. Examples of probes that collect data:
AXL
API
CLI
Response procedures
A response procedure contains a group of controls that are assigned to the policies.
Policies
A policy is a set of rules for the data that is turned into an alert. It enables an alert to be generated and defines the alarm ID and the content of the alarm that gets presented to a user.
| Component | Filename |
|---|---|
| Controls | |
| Probes | |
| Response Procedures | |
| Policies | |
Installation Steps
Log in to the Arbitrator:
admin
/admin
Click on the spanner icon
Click on the icon shown below
Click on Import
Click on Choose file, then select your file and click OK.
Ensure the file you have just selected shows next to Choose file, then click Upload.
Once the file has uploaded, click Import.
Repeat this procedure for:
Controls
Probes
Response Procedures
Policies