Blocking Risky Nodes

You can group risky nodes using status groups and block them with enforcement policies.

Creating a Status Group

This status group collects all nodes that the default policy identifies through risk detection.

  1. Click Policy in the top menubar.
  2. In the left policy panel, go to Policy > Group > Node.
  3. Click Select Action > Create Status Group.
  4. ID: Enter a unique name. (Example: Risky Status Group)
  5. Application Mode: Select 'Enabled'.
  6. Condition Operator: Select OR.
  7. Click the Add button in Condition Settings.
  8. Set the Condition Settings items below as desired:
    • Item: Risk Detection
    • Condition: If specific risk is detected
    • Setting: (Select one from the list)
  9. Click Add.
  10. Continue adding Condition Settings as needed.
  11. Click the Create button.

Creating an Enforcement Policy

All nodes that node policies identify through risk detection can be listed in the risky status group and blocked.

  1. Click Policy in the top menubar.
  2. In the left policy panel, go to Policy > Enforcement Policy.
  3. Click Select Action > Create.
  4. In the Policy Selection tab, click the Next button.
  5. In the Policy Basic Settings tab, set the following:
    • ID: Enter a unique name (Example: Risky Enforcement Policy)
    • Description: Risk policy to block nodes detected as risky
    • Application Mode: Enabled
    • Click the Next button
  6. In the Node Group Assignment tab, find and double-click the Status Group (Example: Risky Status Group). Click the Next button.
  7. In the Permission Assignment tab, double-click PERM-DNS and then click the Next button.
  8. In the Enforcement Options Settings tab, click the Next button.
  9. In the Enforcement Action Settings tab, click the Complete button.
  10. Click Apply Change Policy.