cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RAR Risk Level Routing

Go to solution
Former Member

on ‎01-25-2011 5:51 PM

0 Kudos

forum might be able to provide some guidance.

My client would like to have the following requirements:

When violations are identified in CUP, route to the Compliance Manager stage for mitigation. If no violation, auto provision. Pretty sure we can do this though a simple detour, no problem. The tricky part is that the Compliance Manager only wants to be sent conflicts ranked HIGH.

I would alternatively send all violations to the compliance manager and only mitigate (enforce mitigation) on high violations but we have a capacity issue and that person only wants to see requests where we have high violations. if we send them all requests with all violations levels they could get overwhelmed since inherently there will probably be more Mediums and lows

I know this can't technically be don't in 5.3 but I was wonder if anyone else has any clever solution such as using two rule sets for this or maybe disabling the mediums and lows for provisioning then enabling them for say monthly RAR reporting.

Any ideas would be appreciated,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎01-25-2011 6:46 PM
0 Kudos

As far as I am aware there is no automated way to do this. An alternate would be for the security team to direct the request if it is in the workflow path to the compliance manager manually based on your criteria.

Regards,

Chinmaya

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎01-25-2011 7:05 PM
0 Kudos

Hi Kyle

Chinmaya is right. There is no Automatic way of doing it. It will be a manual process. Maybe you can have a report of just HIGH violations, that can be automated on a periodic basis and send that report to the manager

Worth a shot !!

Show replies
Show replies
Former Member
‎01-26-2011 5:47 PM
0 Kudos

Hi Kyle,

This won't be possible directly but I have done this at couple of my clients by applying the solution as below?:

Create a new ruleset with only HIGH violations which is a subset of your main (Current) ruleset. Now, make the new ruleset as Default ruleset in RAR so CUP will only check the violations against this ruleset. Whenever you need reporting against all the risk levels then run the analysis in RAR against the main ruleset.

Regards,

Alpesh

Former Member
‎01-26-2011 9:25 PM
0 Kudos

Alpesh,

This is what I was thinking as well but I have some concerns and questions.

Would you have one rule set with just highs (CUP) and the other with medium and lows (RAR)? Or one with highs (CUP) and a full rule set for monthly analysis (RAR)?

I think you would need to use the first options otherwise you would have some duplication when maintain "high" rules. Also what about mitigation? If you use option two you will have some mitigation issue right? Our client would like to mitigated the high's at the user level and the mediums and lows monthly at the role level.

Another option I thought of was to disable all mediums and lows during normal provisioning, then enable them once a month when running monthly reporting. thoughts?

Any further clarification would be appreciated.

Kyle

Former Member
‎01-27-2011 6:06 PM
0 Kudos

Hi Kyle,

If you need to mitigate for high, medium and low then you will have to divide the rulest into High and other ruleset for Medium and Low.

I wouldn't recommend of activating and deactivating risks as that would be a lots of ongoing work.

Regards,

Alpesh

Ask a Question