3.4 Knowledge Explorer

The Knowledge Explorer allows you to interact directly with Indeni rules, learn about rules and how they are applied and enables you to tweak rules to best fit your environment.

Starting 7.2, you can visualize the step by step troubleshooting workflow diagrams that explain how we detected and diagnosed the cause of the specific issue.

Navigating Indeni Rules

Browse through the Indeni Knowledge from the Knowledge-Explorer tab. Use the sort, filter and search functions to explore rules of interest.

Each rule contains multiple attributes, including the Rule Name, Vendor, Operating System (OS) and more.

Hover over the Vendor, OS and Category fields to see the full list of supported vendors, OSes, and categories for each rule.

Note: hover over badges to see a full list of items.

Click the checkbox adjacent to the rule to open the side-pane:

The Remediation tab specifies which vendors and OSes the rule is relevant to. Click on the Vendor name to view the list of OSes under that vendor to which the rule is relevant.

The Configuration tab allows you to change the rule configuration.

Please Note: You cannot delete the Global Configuration, however, once you create a new Configuration by clicking on New, it will override the Global Configuration settings.

Click the Overview button to access all information pertaining to the rule.
From this section, you can enable or disable the rule, see the relevant device vendors and OSes relevant to it, create custom configurations and more.

To disable a rule, select the rule, then click the Overview button.
Click the Disable button to completely disable the rule.
To disable a rule for only some devices or only for some labels, scroll down to the Disable section, then select the devices and labels for which the rule will be disabled.

Note: All rules will default to the Global Configuration and behave on the Thresholds and Actions defined therein.

Export the list of Auto-Detect Elements for a vendor

To retrieve the list of rules applied to Check Point devices, set the filter to vendor, select checkpoint.

The system will return the full list of rules for Check Point. On the Rule Name column, right click on any row.

Select the Export format, the system will export the list of issues pertaining to checkpoint.

Configuring Rules

You can create as many rules as you want by leveraging Labels and Devices. Use labels to better manage and tune your system.
Using multiple rules may be useful in situations where you would benefit from an escalating notification procession, or require more nuanced rules to uncover issues.

Click the ADD NEW button to create a custom rule configuration.
Configure the list of actions, severity, devices, and labels that are relevant to the new configuration.

Create an Exclusion Pattern

Starting 7.3.1, you can define an exclusion pattern to persistently exclude an issue item from an issue. For example, you have a disaster recovery strategy in place. Under normal operations, many of the disaster recovery services are not available. In this example, your disaster recovery BGP peer is always down, so you want to exclude the peer from the “BGP peer(s) down” alert. To do that, create an exclusion pattern for the “BGP peer(s) rule” that matches the BGP peer for disaster recovery, as shown below: : 

In this example, 10.11.94.61 will be excluded from all the Check Point devices. You can use a wildcard if you want to exclude multiple issue items that share the same prefix. For example, you can define 10.11.* using the same example. You can also create multiple entries to exclude multiple issues items.

You can modify or remove the pattern anytime. It will take effect in the next evaluation cycle. In some cases, it can take up to an hour for the change to take effect.

Auto-Triage Workflow Visualization

Starting 7.2, Knowledge Explorer visualizes the step by step troubleshooting workflow so you can understand our complete decision tree.

Navigate to a rule with Auto-Triage Element. You may need to add the Automation column to the table. To review a rule in more detail, simply click on a rule of interest to update the Rule Summary page on the right-hand side.  

Next, click on the blue OVERVIEW button at the bottom right corner to see more details.

Click on the Vendor button with the Automation icon, then click on the workflow diagram icon at the bottom right to bring up the workflow diagram.

Scroll up and down to view the entire workflow. To view specific commands, click on the box.

Tips and Tricks

Try filtering by keyword or All Categories, to see a list of device-specific rules. Search for generic words such as memory or CPU to bring up a list of system rules that contain those words.

You can keep track of what Rules have been modified if they transition from Unchanged to Changed.

You can also add a search word to further filter the Category Selection.