Versions Compared

Old Version 5

changes.mady.by.user Olga Nekrutkina

Saved on

compared with

New Version Current

changes.mady.by.user Gireesh Geetha

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

You can configure notification rules after you have uploaded API outbound templates and configured REST API outbound endpoints on the NIOS appliance. For information about adding REST enabled outbound endpoints, see Configuring REST API Outbound Endpoints. To send outbound notifications from NIOS to the target endpoints, you must configure notification rules. When adding rules, you must associate the correct action template to the rule. The appliance validates the event type specified in the template with the event type that you select in the notification rule. The parameters defined in a template decides the way NIOS specific data is presented to an endpoint. Each notification rule specifies the target endpoint, notification rule criteria, and the REST API outbound template being used to take action for the matching events.

...

  1. From the Grid tab, select the Ecosystem tab -> Notification tab, and then click the Add icon.
    or
    From the Grid tab, select the Ecosystem tab, and click Add Notification Rule from the Toolbar.
  2. In the Add Notification wizard, complete the following.
    • Name: Enter the name of the notification rule.
    • Target: Click Select Endpoint to select the endpoint type. If there are multiple endpoints, the All Endpoints Selector dialog box is displayed, from which you can select an endpoint name, such as Cisco ISE.
    • Target Type: Displays the target type. You cannot change this.
    • Comment: Enter useful information about the notification rule.
    • Disable: Select this option to disable the notification rule.
  3. Click Next and complete the following to configure notification rules for the selected endpoint:
    • Event: Depending on the licenses you have installed in the Grid, you can select the event types you want to apply to the notification rules. The outbound member collects data for the selected events based on your configuration. Note that if there is a significant amount of data or if the network bandwidth is not sufficient, the outbound member might drop some of the events. In this case, you can access the syslog to view the messages related to dropped events. In addition to basic information (such as timestamp, member IP, network, and others), data collected for some event type might include enriched data such as discovered data, parent network information, and associated extensible attributes.

...

      • DNS RPZ: Select this to collect data for RPZ events. The DNS RPZ event type is available only if you have installed the RPZ license in the Grid. When you select this event type, you can enable event deduplication in the next step so the appliance can avoid sending excessive events to the endpoint based on your configuration.
      • DNS Tunneling: Select this to collect data for DNS tunneling events.
      • DHCP Leases: Select this to collect data for DHCP leases. Since the same IP addresses might be used by multiple systems, the appliance matches both the IP and the MAC address or the DUID to ensure the discovered data is most likely to be correct.
      • Object Change DHCP Fixed Address IPv4 and IPv6, DB Change DHCP Network IPv4 and IPv6, DB Change DHCP Range IPv4 and IPv6, DB Change DNS Host Address IPv4 and IPv6: Select any of these to collect data for database changes in fixed addresses, DHCP ranges, networks and DNS host addresses.
    • Action: This field is displayed only if you have selected Cisco ISE as the endpoint (the Target field). Otherwise, this field is hidden.

...

4. Click Next. If you have selected DNS RPZ as the event type, go to Deduplicating RPZ Events to configure deduplication. Otherwise, go to Selecting Action Template   to select an action template.

...

Anchor
Selecting Action Template
Selecting Action Template
Anchor
bookmark3417
bookmark3417
Selecting Action Template

  1. In this step, select the RESTful API outbound template you want to use for outbound notifications. The appliance validates the event type that is added to the notification rule and then matches that with the event type configured in the template.

    In the Template field, click Select Template to associate an action template with the notification rule. If there are multiple templates, the

    REST API

    <DXL or RESTful API> Template Selector dialog box is displayed, from which you can select an action template. Note that only templates that have the same event type configured for the notification rule appear in this dialog.

    The following information is displayed about the selected action template:
    • Vendor Type: The REST API vendor type associated with the endpoint.
    • Action Type: The type of action that will be taken for the matching events.
    • Parameters: Displays the associated parameters of the template, such as Name, Value, and Type. You can click the Value cell and modify the value for the parameter.

...