Use Case: Monitor Policies for Violations
JSA Risk Manager can continuously monitor any predefined or user-generated question in Policy Monitor. You can use monitor mode to generate events in JSA Risk Manager.
When you select a question to be monitored, JSA Risk Manager analyzes the question against your topology every hour to determine if an asset or rule change generates an unapproved result. If JSA Risk Manager detects an unapproved result, an offense can be generated to alert you about a deviation in your defined policy. In monitor mode, JSA Risk Manager can simultaneously monitor the results of 10 questions.
Question monitoring provides the following key features:
Monitor for rule or asset changes hourly for unapproved results.
Use your high and low-level event categories to categorize unapproved results.
Generating offenses, emails, syslog messages, or dashboard notifications on unapproved results.
Use event viewing, correlation, event reporting, custom rules, and dashboards in JSA.
Configuring a Question
You can use Policy Monitor to configure a question to be monitored.
Click the Risks tab.
On the navigation menu, click Policy Monitor.
Select the question that you want to monitor.
Click Monitor.
Configure any of the options that you require to monitor your question.
Click Save Monitor.
Monitoring is enabled for the question and events or offenses are generated based on your monitoring criteria.