4 Helpful Features for Centra Users – Policy Monitoring and More

Here’s another batch of tips and tricks our customers love and find useful. In this post we’re talking about testing your policy before you publish it, exporting incidents with specific tags, decluttering Reveal maps and more. Enjoy, and do send us your comments and suggestions. 🎉

1. Set Agent Enforcement State to Monitoring 

When you want to monitor any Agent’s policy before moving it to Enforcing, use the Set enforcement state feature to set the enforcement state to Monitoring. This lets you run your policy in Monitoring mode for as long as you choose. When you are certain the policy is safe and doesn’t break anything in your network, you can set the state back to Enforcing and publish the policy. Note that the Network Log also supports Monitoring mode: any connection enforced (blocked) during Monitoring is logged as Action = Will Be Blocked.

From the Agents UI, select any Agent and click Set enforcement state:

Set the state to Monitoring:

After you’re done, set it back to Enforcing and publish your policy!

2. Export Incidents by Tags (instead of just by Severity)

Centra allows you to export only incidents of your choice to Email, Slack or Syslog. This is useful when you want to avoid receiving too many incidents, or when you want to receive incidents of a specific severity that also have a specific tag.

In System Configuration, select Exporters. To add exporting by tag, type the tag of your choice and then set an Alert rule that alerts every time the tag you selected is met in a flow.

3. Create Multiple Groups for the Reveal Map 

In addition to the default ‘Environment,Application,Role’ grouping, you can add any grouping options of your choice for more granularity. In System Configuration, select Reveal and add any groupings of your choice.

4. Delete Reveal assets to make your Reveal maps less noisy

Here’s a hack that can help you reduce the noise in your Reveal maps. Simply select assets, groups of assets, flows etc. and press the Delete key on your keyboard to remove them. Don’t worry, this doesn’t actually delete the assets or groups; it just temporarily removes them from the map. A quick refresh will bring everything back.

Hope this was helpful! For questions or comments contact us here
