Manual Chapter : Overview of security policy audit

Applies To:

BIG-IQ Centralized Management

  • 8.0.0

Overview of security policy audit

The security policy audit allows you to evaluate and edit a security policy based on system-provided recommendations. In addition, you can use the audit to analyze policy changes, deploy changes, ignore recommendations, and export the audit results. The image below provides an overview of the information and available actions within the Policy Analyzer audit. For more information about the system-provided recommendations, see section Security Policy Analyzer recommendations.

Policy Summary

The policy analyzer audit provides a summary of pending recommendations. Application protection is evaluated based on the severity and number of pending recommendations. As shown in the image below, the analyzed policy has a security score of "C" due to a number of recommendations from various categories. Use the audit to evaluate whether or not to edit your policy based on the system-provided recommendations.

Edit Policy

Edit the policy based on the system-provided recommendations. By clicking on the text in the Recommendation column, you can go directly to the configuration area that will allow you to implement policy or system configuration changes.

Ignore Recommendations

If the system-provided policy recommendations do not meet your application's protection requirements, you can select the recommendation's row and click Ignore. This action can change the system assessment of your overall security score, once you review or re-analyze the policy.

Review Policy Edits

If you have saved changes to the policy, or the objects configured to the policy, you can perform a new audit before you deploy changes. To do so, select the Refresh option from the SECURITY POLICY area in the summary screen. The summary bar and recommendations adjust the policy analysis according to changes.

Deploy Policy Edits

If you would like to deploy policy changes, select the Deploy option from the SECURITY POLICY area in the summary screen. This will immediately deploy changes to BIG-IP devices associated with the policy.