Creating New Policies
The Create New Policy task allows you to create new policies based on processes run by a user, or just by process name.
1. To get started with creating a new policy, browse to your Opus interface, log in and locate the Create New Policy task. Click Start.
2. First, you'll need to supply a rationale for the creation of this policy. Enter a rationale and click Submit.
3. You'll need to allow the task to use your password to access user information from the domain controller. Click Allow.
4. Next, you'll be asked to query the baseline to prefilter processes that have been run. You can search by username or by process name. Once you've entered a query, click Submit.
Searching for your workgroup (e.g. exampleworkgroup, where your AD login looks like exampleworkgroup\AD-User) will return all processes on the baseline.
5. You'll now be presented with a table of results. Choose one or more processes to create a new policy for each result, then click Submit Rows.
6. At this stage, you'll be able to select the properties with which PEM will match a process to the policy. You must select one or more properties. Once selected, click Submit Rows.
Process Name: Policy applies to processes with the same executable name.
Process Hash: Policy applies to processes with the same SHA256 hash of the binary file.
Process Author: Policy applies to processes with the same executable author.
Process Path: Policy applies to processes with the same path.
7. Now, you'll have the opportunity to select a username or group for which the policy will apply. Enter a search term for a valid username or group and click Submit.
8. Select the appropriate users or groups from the table and click Submit Rows.
9. Once your users/groups have been selected, you'll be able to select a policy action from a dropdown menu including Allow, Deny or Warn. Select your chosen action and click Submit.
If you selected Warn, you'll be asked to enter a warning message. Write an appropriate warning or policy reminder and click Submit.
10. Finally, you'll be presented with a summary of your choices, including a clear explanation of the policy. If you're happy with the policy, select Create new policy. If you want to start again or quit creating a new policy, select Cancel.