Blocking Anomalies

Identify Nodes through Node Group and Block them through New Enforcement Policy

You may create a dedicated Node Group and an Enforcement Policy accordingly.

Create Anomaly Node Group

This will group together all Nodes that will be identified by the default Policy using enabled Anomaly Definitions.

1. Go to Policy in the top panel.

2. Go to Policy > Group > Node in the left Policy panel.

3. Click on Tasks > Create

4. For ID: Unique Name. (e.g. Anomaly Group)

5. For Status: Enabled.

6. For Boolean Operator select OR.

7. Find and click on Add in Condition section.

8. For each Anomaly you want to add, use the followings:

   • Options: Anomaly

   • Operator: Detected is one of

   • Value: (One of the listed Anomalies)

9. Click Add.

10. Keep adding Conditions as needed.

11. Click Save.

Create Enforcement Policy To Block Anomalies

This will block all Anomalies identified within the Node Policy and are listed in the Anomaly Group from Step 1.

1. Go to Policy in the top panel.

2. Go to Enforcement Policy in the left Policy panel.

3. Click on Tasks > Create.

4. Action tab, click Next.

5. Under General tab:

   • ID: Unique Name. (e.g. Anomaly Enforcement Policy)

   • Description: Anomaly Policy to block all Nodes detected as Anomalies.

   • Status: Enabled.

   • Click Next.

6. Node Group tab, find and double click ** Group** (e.g. Anomaly Group)

7. Permission tab, double click on PERM-DNS. Click Next.

8. Redirection tab, click Next.

9. Agent Action tab, click Finish.

10. Click Apply.