Continuous Compliance & Security
Personas: (Compliance Officer, Compliance Analysts)
NP-Live enables organizations to adopt a culture of continuous compliance and security. By combining the features below, NP-Live can monitor your network devices 24 x 7 x 365, alerting individuals or ticketing systems when security or compliance vulnerabilities are identified.
NP-Connect lets you configure connectors that poll devices on a schedule, importing the latest configurations for analysis.
Risks and Warnings are generated based on policy requirements that run automatically on network device configuration files imported into the workspace. Each requirement has its own checking logic that can run on any of:
- the device configurations
- the access rules
- the path analysis
- the output logs of the device parsers
Requirements are organized into policies which can be assigned to specific devices. NP-Live includes a set of default policies that are read-only. Policies can be deactivated and assigned to specific devices but not deleted.
Administrators and Workspace Admins can create custom policies to monitor configuration files, rules, path analysis and parser logs. Custom logic is written using YARA condition statement syntax. An alert is triggered if the logic statement evaluates to true. Several keywords give access to the internal data structures: CONFIG represents the configuration files, PARSER represents the parser output, RULE_* represents access rules, and PATH_* represents the path analysis fields. You can download the detailed list of fields, with a logic template, for RULE_* and PATH_*. The operators `matches` and `contains` evaluate a field against a regex and a string value, respectively. The logical operators `or`, `and` and `not` can be combined for richer logic expressions.
Once the policy is created, the “Run” button executes the policy so you can test the results of the query. Once saved, a custom policy can be edited and re-saved, assigned to specific devices, enabled/disabled, or deleted.
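To make the condition syntax concrete, the following evaluator was written for this page; it is not NP-Live's own policy engine, and the requirement names, the constructed configurations, the `/regex/` literal form and the CONFIG-only data model are assumptions. It runs three hypothetical requirements, each written so that `true` means a violation, over a risky and a hardened configuration.

```python
import re

# Constructed Cisco IOS-like configs (not from real devices): the first allows telnet and unencrypted passwords.
RISKY_CONFIG = "hostname edge-rtr-1\nno service password-encryption\nline vty 0 4\n transport input telnet ssh\n"
HARDENED_CONFIG = "hostname edge-rtr-1\nservice password-encryption\nline vty 0 4\n transport input ssh\n"

# Hypothetical requirements in the page's condition syntax; true describes a violation and raises an alert.
REQUIREMENTS = {
    "telnet-on-vty": r'CONFIG matches /^\s*transport input .*telnet/',
    "cleartext-passwords": 'CONFIG contains "no service password-encryption"',
    "vty-not-ssh-only": 'not (CONFIG matches /^ transport input ssh$/) or CONFIG contains "no service password-encryption"',
}

# A token is a /regex/ literal, a "string" literal, a parenthesis, or a bare word (keyword or operator).
_TOKEN = re.compile(r'/((?:\\.|[^/])*)/|"((?:\\.|[^"])*)"|[()]|\w+')

def tokenize(text):
    return [("regex", m[1]) if m[1] is not None else ("str", m[2]) if m[2] is not None else ("word", m[0])
            for m in _TOKEN.finditer(text)]

def evaluate(condition, data):
    """Recursive-descent evaluation of a condition over data such as {"CONFIG": text}; precedence is not > and > or."""
    toks = tokenize(condition)
    def term():
        kind, val = toks.pop(0)
        if (kind, val) == ("word", "not"):
            return not term()
        if (kind, val) == ("word", "("):
            inner, _ = or_expr(), toks.pop(0)  # evaluate the group, then consume ')'
            return inner
        text = data[val]  # keyword naming the data to inspect, e.g. CONFIG or PARSER
        (_, op), (arg_kind, arg) = toks.pop(0), toks.pop(0)
        if op == "contains" and arg_kind == "str":
            return arg in text
        if op == "matches" and arg_kind == "regex":
            return re.search(arg, text, re.MULTILINE) is not None
        raise ValueError(f"unsupported clause: {val} {op} {arg!r}")
    def chain(sub, word, combine):
        result = sub()
        while toks[:1] == [("word", word)]:
            toks.pop(0)
            result = combine(sub(), result)  # call sub() first so its tokens are always consumed
        return result
    and_expr = lambda: chain(term, "and", lambda a, b: a and b)
    or_expr = lambda: chain(and_expr, "or", lambda a, b: a or b)
    return or_expr()

def run_requirements(config):
    return [name for name, cond in REQUIREMENTS.items() if evaluate(cond, {"CONFIG": config})]
```

`run_requirements(RISKY_CONFIG)` returns all three requirement names, while the hardened configuration raises none.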
The Notification Manager allows users to set up rules based on multiple criteria and to have the resulting notifications delivered to multiple services on a schedule. Notifications can be set up based on one or more of the following:
- Activity type (Risks, Warnings, Errors, Comments and Changes)
- Activity status (New, Confirmed, Resolved, Fixed, False Positive, Will Not Fix)
- Severity (Low, Medium, High)
- Keyword match
Notifications can be sent to the services configured by the Administrator, which can include e-mail, ticketing systems, syslog and TAXII.
Change tracking gives the user the ability to review changes made to the system and assess their potential impact. Changes can also be set up as notifications as described above.