This article explains what the Learn Mode is and how to create a starter policy with the Learn Mode function enabled.
...
Before you begin, you must:
- Have a basic understanding of the Vormetric product
- Have a basic understanding of how to access the Data Security Manager (DSM) and the administrative accounts
- Complete the Create Encryption Key step
...
A Vormetric policy dictates which users or processes are allowed into a GuardPoint based on a list of rules and the order of those rules. Any attempt to access a Vormetric GuardPoint is filtered by the rules in the policy. For example, a specific user or process cannot access a GuardPoint unless there is a rule in a policy that specifically offers access. Without a specific rule for access, the attempt will be denied and logged.
As you create these rules in a policy, it is very unlikely that you will be familiar with every critical user or process that needs access to a GuardPoint, which is why the Learn Mode can be handy.
In the Learn Mode, a deny statement in a rule becomes a permit. This means that any activity that would have typically been denied by a policy rule is instead permitted and logged. In order to capture these logs in the DSM, a specific catch-all rule with a deny statement will need to be added at the bottom of every rule set. The DSM logs will then allow you to analyze and determine which authorized users and processes are trying to access a GuardPoint. With this information, you can decide whether or not to allow these users and processes access by whitelisting them in the policy.
For your reference, a deny statement in the Effect field must include Apply_Key when Learn Mode is enabled.
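The behaviour described above can be sketched as a simplified model. This is an added example, not Vormetric's rule engine or DSM output; the rule fields, lower-cased effect names, users and paths are constructed assumptions. It checks the two requirements (catch-all deny at the bottom, Apply_Key on every deny in Learn Mode) and lists the accesses a deny rule matched while Learn Mode permitted them.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    user: str          # "*" matches any user
    process: str       # "*" matches any process
    effect: frozenset  # effect names as modelled here, lower-cased

def lint(rules, learn_mode):
    """Return problems that would keep Learn Mode from producing useful logs."""
    problems = []
    last = rules[-1] if rules else None
    if last is None or not (last.user == "*" and last.process == "*" and "deny" in last.effect):
        problems.append("last rule is not a catch-all deny")
    if learn_mode:
        for i, r in enumerate(rules, 1):
            if "deny" in r.effect and "apply_key" not in r.effect:
                problems.append(f"rule {i}: deny without apply_key")
    return problems

def evaluate(rules, user, process, learn_mode):
    """First matching rule wins. Returns (decision, logged)."""
    for r in rules:
        if r.user in ("*", user) and r.process in ("*", process):
            if "deny" in r.effect:
                # Learn Mode turns the deny into a permit but keeps the log entry.
                return ("permit" if learn_mode else "deny", True)
            return ("permit", False)
    raise ValueError("no rule matched; add the catch-all deny rule")

def learn_report(rules, attempts):
    """Count (user, process) pairs that a deny rule matched while in Learn Mode."""
    hits = Counter()
    for user, process in attempts:
        _, logged = evaluate(rules, user, process, learn_mode=True)
        if logged:
            hits[(user, process)] += 1
    return hits

# Constructed sample policy and access attempts (not real DSM data).
POLICY = [
    Rule("oracle", "/u01/app/oracle/bin/oracle", frozenset({"permit", "apply_key"})),
    Rule("*", "*", frozenset({"deny", "apply_key"})),
]
ATTEMPTS = [("oracle", "/u01/app/oracle/bin/oracle"), ("root", "/bin/cat"),
            ("backup", "/opt/backup/bin/agent"), ("backup", "/opt/backup/bin/agent")]

if __name__ == "__main__":
    print(lint(POLICY, learn_mode=True), learn_report(POLICY, ATTEMPTS).most_common())
```

Each pair in the report is a candidate for an explicit rule above the catch-all, or for leaving denied once Learn Mode is turned off.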
...