You can create a new policy or modify an existing policy to protect your endpoint groups in Nebula. The policy's configuration determines how Nebula interacts with your endpoints. Once a policy has been created, you need to apply the policy to a group of endpoints. This article provides information about policies and shows you how to add, assign, delete, clone, or reset a policy in Nebula.
Notes
- A group contains one policy.
- Policies can be assigned to multiple groups.
- Endpoints receive the policy assigned to their group.
- Policy changes are automatically pushed to endpoints if they are online.
- Endpoints silently load or unload additional components and plugins based on the configured policy. If you upgrade your subscription from Endpoint Protection to Endpoint Detection and Response, or add a module like Patch Management, you must enable the policy settings for those specific products to begin using them.
Policies overview
Policies show as line items with different columns highlighting specific information. These columns are:
- Name: The name given to the policy. Click the column header to sort policies by alphabetical or reverse alphabetical order.
- Protection layers: The protection level used per OS is displayed in this column. Hover over the protection level to view the enabled or disabled protection layers at a glance.
- Additional Protection: Displays paid modules enabled within the policy.
- Last updated: Shows the date of the last time a Nebula user made edits to this policy. Click the column header to sort policies based on the last time they were updated.
- Updated by: Displays who last modified the policy.
- Endpoint count: Displays the number of endpoints in a group with the policy assigned.
Add a policy
Creating a new policy automatically copies the settings from the current default policy.
- Go to Configure > Policies.
- In the upper-right part of the page, click New policy.
- Select to create a Workstation or Server policy with the recommended settings. For more information, see ThreatDown recommended policy for Nebula.
- Enter a Policy name.
- Configure settings for your endpoints.
- Click Save.
Once you've clicked Save, your new policy appears in the policies list. To nominate a policy to the Default Policy, check the box next to a policy and click Actions > Set as default. This changes the policy associated with the Default Group.
Assign a policy to a group
Endpoints use the policy of the group they are assigned. After creating a policy, assign it to a group so endpoints in that group can use the policy settings.
- Go to Configure > Groups.
- Click on the group name.
- Select a different policy from the Policy Name drop-down menu.
- Click Save.
To move an endpoint to another group:
- Go to Manage > Endpoints.
- Select the endpoints and select Actions > Move.
For more information, see the following articles:
Delete a policy
- Go to Configure > Policies.
- Check the box of the policy you want to delete.
- Click Actions > Delete. Any exclusions associated with this policy will be deleted. Exclusions associated with multiple policies will remain unchanged.
- In the confirmation pop-up window, click Delete. If you try to delete a policy with an assigned group attached to it, the system informs you This policy has groups assigned to it and cannot be deleted.
A green confirmation pop-up appears in the top-right corner of the Policies section to confirm you have deleted the policy.
Clone a policy
To make a copy of an existing policy:
- Go to Configure > Policies.
- Check the box next to the policy you want to clone.
- Note: The Default policy cannot be cloned.
- Click Actions > Duplicate.
- In the Clone Policy pop-up window, confirm the following:
- Clone name: Type in a name for the cloned policy.
- Do you want to associate exclusions?: The switch defaults to YES. If you don't want to associate exclusions, toggle the switch to NO.
- Uninstall Protection: Choose to automatically generate or manually configure an uninstall password.
- Click Confirm.
Reset a policy to defaults
To revert a policy to our recommended defaults:
- Go to Configure > Policies.
- Click on the policy you want to reset.
- In the top-right corner, click Reset.
- Select to reset to our recommended default settings for Workstations or Servers. For more information, see ThreatDown recommended policy for Nebula.
- Click Reset.