7 Replies Latest reply on Aug 8, 2014 3:19 AM by Monoj Padhy

    Compliance rules query question for BSA

    Roy Ong

      Hi all,

      When I'm creating a rules condition, for example say

       

         "Security Setting:Security Settings\Local Policies\User Rights Policy\Debug programs"."Local setting as List of String values (Windows)" contains "DB2ADMNS"

       

      For this particular policy, in the system I'm testing, there are users like DB2ADMN and DB2USERS

       

      For the criteria I put "contains". I notice that when I just put "contain DB2", it is still flagged as non-compliant and insists on specifically stating DB2ADMN and DB2USERS.

       

      a. Can I search for 2 strings in one query, or must I keep adding OR/AND statements if I need to search for DB2ADM + SQLADM, for instance?

      b. Can I use a wildcard in the compliance rule, so that any user which contains the string "DB2" is flagged as compliant?

       

      I'm on BSA 8.3 SP3.

       

      Thanks all!

        • 1. Re: Compliance rules query question for BSA
          Monoj Padhy

          Can I search for 2 strings in one query or must I keep adding OR/AND statements if I need to search for DB2ADM + SQLADM for instance. >> You can write a single rule with some wildcard instance like/ends with *ADM (Note: anything that ends with ADM will be compliant. If you are specifically looking for DB2ADM and SQLADM then you must use a different query with an AND/OR clause as per your requirement)

           

          Can i use a wildcard in the compliance rule like any users which contains the string "DB2", flagged as compliant >> Yes, use of wildcards is supported for compliance rules. The same logic as above applies here as well.

           

          If you are specifically looking for users DB2ADMN and DB2USERS then create two separate rules, else use wildcards like DB2* or begins with DB2.

          • 2. Re: Compliance rules query question for BSA
            Don Kim

            Careful with the "contains" operator. If it has a valid DB2ADM, it will still return compliant even if a user named HeeHaDamian666 is present.

             

            I had issues with USER RIGHTS as well. I ended up creating a file on the server, then parsing the contents and matching to SID. I click my heels 3 times and wish they would allow for the contents of USER RIGHTS settings to be recognized as users or a literal string. Seems to be a mix of both.

            • 3. Re: Compliance rules query question for BSA
              Roy Ong

              wildcard.jpg

              I tried using the right value as *irin, but I still get it as non-compliant and it doesn't work (I'm using the contains operator (non case sensitive)). Please see the screenshot. Also, there isn't any "LIKE" operator? What is the equivalent?

              • 4. Re: Compliance rules query question for BSA
                Don Kim

                contains irin without the wildcard should work. I think there is also a case sensitive contains as well. If you are only looking for that irin value, you are set, but if you don't want other values, it will take some work.

                • 5. Re: Compliance rules query question for BSA
                  Monoj Padhy

                  Are you expecting some string before IRIN (XYZ_IRIN_XYZ)? If yes, then you can use the contains operator and remove * from the right value. This should work.

                   

                  If your value will always be with the pattern IRIN_XYZ then the starts with operator will do the job for you.

                  • 6. Re: Compliance rules query question for BSA
                    Roy Ong

                    I see. I think it only applies if it is a string value and not a "list of string values", as when I tried using contains irin, it flags as non-compliant, whereas when I use string values and contains irin, it is compliant.

                    • 7. Re: Compliance rules query question for BSA
                      Monoj Padhy

                      List of string values! Are you looking for a check where the value can be anything from a list of multiple options?

                       

                      Is your problem resolved? Or are you looking for something else?
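
Added example, not part of the original thread and not BSA's rule engine: a Python version of the file-parsing approach Don Kim mentions in reply 2, contrasting whole-entry matching (the behaviour Roy reports in reply 6 for "list of string values") with substring matching and a strict allowlist that also rejects unexpected principals. It assumes the file is a `secedit /export /areas USER_RIGHTS` export; the sample content and all function names are constructed for illustration.

```python
# Constructed sample, laid out like the [Privilege Rights] section of a
# `secedit /export /areas USER_RIGHTS` file (assumed input; not from the thread).
SAMPLE_INF = """\
[Unicode]
Unicode=yes
[Privilege Rights]
SeDebugPrivilege = *S-1-5-32-544,DB2ADMNS,HeeHaDamian666
SeBackupPrivilege = *S-1-5-32-544,*S-1-5-32-551
[Version]
signature="$CHICAGO$"
"""

def parse_user_rights(text):
    """Return {right: [principal, ...]}; SIDs lose their leading '*'."""
    rights, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower() == "[privilege rights]"
        elif in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [v.strip().lstrip("*")
                                    for v in value.split(",") if v.strip()]
    return rights

def _norm(entries):
    return {e.upper() for e in entries}

def contains_element(entries, wanted):
    """True only if one whole list entry equals `wanted` (case-insensitive)."""
    return wanted.upper() in _norm(entries)

def contains_substring(entries, fragment):
    """True if any entry merely includes `fragment`."""
    return any(fragment.upper() in e for e in _norm(entries))

def audit(entries, required, allowed):
    """Strict check: every required principal present, none outside `allowed`."""
    present = _norm(entries)
    missing = sorted(_norm(required) - present)
    unexpected = sorted(present - _norm(allowed))
    return {"compliant": not missing and not unexpected,
            "missing": missing, "unexpected": unexpected}

if __name__ == "__main__":
    debug = parse_user_rights(SAMPLE_INF)["SeDebugPrivilege"]
    print(contains_element(debug, "DB2"), contains_substring(debug, "DB2"))
    print(audit(debug, ["DB2ADMNS"], ["S-1-5-32-544", "DB2ADMNS"]))
```

The `audit` result is what closes the gap Don Kim describes: a rule that only asks whether DB2ADMNS is present passes this sample, while the allowlist comparison reports the extra entry.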