Rule Categories
A rule can be classified with multiple rule categories. Any rule YAML file should be at least identified with one of the following categories:
| Name | Enum used in rule yaml | Description | Examples |
|---|---|---|---|
| Health Checks | HealthChecks | Rules which check the health state of the device. Often times, it's some sort of resource usage check. | CPU usage too high Memory usage too high |
| Vendor Best Practices | VendorBestPractices | Best practices that are recommended by the vendor. For example, certain feature is recommended by the vendor to be enabled but it's not enabled on the current device. | SNMPv3 is not configured Cisco Nexus: Proxy arp is activated |
| Security Risks | SecurityRisks | Any rule that checks vulnerabilities of the device or enforces configurations which hardens device security against attackers. | Command Injection Vulnerability PAN-SA-2012-0013 All Devices: Weak cipher used with SSL profiles |
| High Availability | HighAvailability | Any rule that has association with high availability and cluster | Network interface duplex does not match across cluster members Cluster down Fortinet Devices: HA heartbeat link does not have at least one more operational redundant link |
| Ongoing Maintenance | OngoingMaintenance | Rules that help the operators check with daily maintenance items. For example, license expiration or contract expiration. | Panorama certificate about to expire Symantec CAS devices: updates are available |
| Organization Standards | OrganizationStandards | Best practices and compliances imposed by the organization standard. For example, certain organization might require to all network devices to use the same DNS server. | Jumbo hotfix take does not match requirement DNS server configured do not match requirement |