Gain More Insight with Indeni’s Network Security Automation – Rule Category

Notice: This blog post was originally published on Indeni before its acquisition by BlueCat.

The content reflects the expertise and perspectives of the Indeni team at the time of writing. While some references may be outdated, the insights remain valuable. For the latest updates and solutions, explore the rest of our blog.

In this blog, we’ll do a deep dive into Rule Category. Although its use is somewhat limited today, we plan to expand it to give you more insight into your environment.

Why use Rule Category? 

Rule Category helps you quickly process information about potential problems in your network. Today you use Labels to organize your devices, so you can view information about a group of devices and perform operations on the group with ease. Similarly, you can use Rule Category to organize your alerts, so you can quickly identify the type of problems you may be experiencing. 

Unlike SNMP-based monitoring tools, whose main focus is device health, we cover many more use cases, including High Availability readiness, external services monitoring, security risk identification and ongoing maintenance, to name a few. We humans take in large amounts of data, then simplify and structure it; that is how we make sense of what is going on. Categorizing alerts helps you navigate to the problem faster and more effectively.

Rule Category Types

We cover a diverse set of use cases, reflected by Rule Category. They are:

#1 Health Checks

Continuously assess device health and proactively identify issues before they become bigger problems.

#2 High Availability 

Detect configuration mismatches among the active, passive and backup devices. Ensure High Availability best practices are followed. For example, we ensure redundant links are used for heartbeats between the active and passive devices. 

#3 External Services (new) 

Security devices rely on many critical services, such as DNS, NTP, LDAP, management servers, external rating services, whitelists/blacklists, threat intelligence feeds, etc. These rules ensure your devices can reach these services and successfully retrieve the information. 

#4 Best Practices 

Ensure vendor and industry best practices are adhered to. The rules in this category span many configuration areas; examples include Palo Alto Networks Best Practices Assessment checks and SecureXL (Check Point) best practice configuration.

#5 Organization Standards

Ensure your organization’s ‘gold standard’ configuration is followed. The rules in this category require you to provide the configuration that devices must comply with.

#6 Ongoing Maintenance 

Detect expiration dates and provide advance notifications if expiration dates or usage limits are approaching. This includes licenses, SSL certificates, hardware and software end of support.

#7 Security Risks 

Check that insecure protocols are disabled, strong passwords are enforced, session timeout values are not excessive, management access to firewalls is restricted, failed logins are tracked, etc.

#8 CVEs (new)

This is a new category created for common vulnerabilities and exposures.

Plans for Rule Category

Today, you use Rule Category as a filter on the Issues and Knowledge Explorer pages to refine the list of alerts you want to investigate. In future releases, we are planning to leverage Rule Category in dashboards, reports and configurations. 

Dashboard – Issues At-A-Glance 

This new widget will provide you a high level overview of the type of problems. You can set filters to refine the list to a group of devices. You can use the toggle to select unresolved issues, resolved issues, or both. You can click on a cell to drill down further to the actual issues. For example, clicking 35 on the Best Practices row under the Warning column will take you to the issues page showing the 35 warnings pertaining to Best Practices. 

We are also planning to include this table in the device page view so you can perform a similar analysis at a per device level. 

Reports

We are planning to provide templates for every Rule Category. These templates are intended to simplify report creation. For example, you can easily create a security report from the Security Risks template in preparation for audits. If you have an initiative to improve site reliability, you may want to use the Best Practices report to ensure a device is operating optimally.

We are also planning to provide a CVE report. We recommend that you run the CVE report after every upgrade to determine if any of your devices are exposed to vulnerabilities.

Configurations

What if we allow users to subscribe to alerts of a particular category? Your operations team may not be interested in alerts related to Best Practices. They are useful to engineers. Your auditors may only be interested in security related alerts and CVEs. Providing an ability to subscribe to a category of alerts will enable other personas to receive useful information about your environment. 
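To make the workflow above concrete, here is an added example (written for this post, not Indeni’s or BlueCat’s code) of how categorized rules, the Issues At-A-Glance table and per-category subscriptions fit together. The device facts, field names, rule thresholds and category names are constructed sample data and hypothetical choices, not a real device schema or Indeni’s rule definitions.

```python
"""Categorized alert rules, an at-a-glance count table and per-category
subscriptions, modelled on the Rule Category workflow described above.
Device facts and field names are constructed sample data (hypothetical),
not the output of any real device or of Indeni."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Issue:
    device: str
    category: str      # one of the Rule Category names from the post
    severity: str      # "critical" or "warning"
    message: str


# Constructed device facts; the Labels mirror how devices are grouped in the UI.
DEVICES = {
    "fw-edge-1": {"labels": {"prod", "edge"}, "ha_heartbeat_links": 1,
                  "telnet_enabled": True, "ssh_idle_timeout_min": 120,
                  "cert_expiry": date(2024, 7, 1), "dns_reachable": False},
    "fw-edge-2": {"labels": {"prod", "edge"}, "ha_heartbeat_links": 2,
                  "telnet_enabled": False, "ssh_idle_timeout_min": 10,
                  "cert_expiry": date(2025, 1, 1), "dns_reachable": True},
    "fw-lab-1":  {"labels": {"lab"}, "ha_heartbeat_links": 1,
                  "telnet_enabled": True, "ssh_idle_timeout_min": 30,
                  "cert_expiry": date(2024, 5, 20), "dns_reachable": True},
}

TODAY = date(2024, 5, 1)   # fixed so the example is deterministic


# Each rule returns an Issue tagged with its Rule Category, or None when the
# device passes. Thresholds are illustrative, not vendor recommendations.
def rule_ha_redundant_heartbeat(name, facts):
    if facts["ha_heartbeat_links"] < 2:
        return Issue(name, "High Availability", "warning",
                     "only one heartbeat link between HA members")

def rule_no_insecure_protocols(name, facts):
    if facts["telnet_enabled"]:
        return Issue(name, "Security Risks", "critical",
                     "telnet management access is enabled")

def rule_idle_timeout(name, facts):
    if facts["ssh_idle_timeout_min"] > 30:
        return Issue(name, "Security Risks", "warning",
                     f"ssh idle timeout {facts['ssh_idle_timeout_min']} min exceeds 30")

def rule_cert_expiry(name, facts, warn_days=60):
    days_left = (facts["cert_expiry"] - TODAY).days
    if days_left <= warn_days:
        sev = "critical" if days_left <= 14 else "warning"
        return Issue(name, "Ongoing Maintenance", sev,
                     f"SSL certificate expires in {days_left} days")

def rule_dns_reachable(name, facts):
    if not facts["dns_reachable"]:
        return Issue(name, "External Services", "critical",
                     "configured DNS server is unreachable")


RULES = [rule_ha_redundant_heartbeat, rule_no_insecure_protocols,
         rule_idle_timeout, rule_cert_expiry, rule_dns_reachable]


def evaluate(devices=DEVICES, rules=RULES):
    """Run every rule against every device; each hit is one categorized Issue."""
    issues = []
    for name, facts in devices.items():
        for rule in rules:
            hit = rule(name, facts)
            if hit is not None:
                issues.append(hit)
    return issues


def at_a_glance(issues, devices=DEVICES, label=None):
    """Category x severity counts, optionally limited to devices carrying a Label."""
    table = defaultdict(lambda: {"critical": 0, "warning": 0})
    for i in issues:
        if label is None or label in devices[i.device]["labels"]:
            table[i.category][i.severity] += 1
    return dict(table)


def drill_down(issues, category, severity, devices=DEVICES, label=None):
    """The issues behind one cell of the at-a-glance table."""
    return [i for i in issues if i.category == category and i.severity == severity
            and (label is None or label in devices[i.device]["labels"])]


def subscription(issues, categories):
    """Alerts a persona subscribed only to the given categories would receive."""
    wanted = set(categories)
    return [i for i in issues if i.category in wanted]


if __name__ == "__main__":
    found = evaluate()
    for cat, counts in sorted(at_a_glance(found, label="prod").items()):
        print(f"{cat:<20} critical={counts['critical']} warning={counts['warning']}")
    for i in subscription(found, ["Security Risks", "CVEs"]):
        print("auditor feed:", i.device, i.severity, i.message)
```

The category tag is attached at rule-authoring time, so the dashboard pivot, the drill-down and the persona subscription are all just filters over the same issue list; an auditor subscribed to Security Risks and CVEs never sees the High Availability warning, while an HA engineer filtering on the `prod` Label sees only the edge pair.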

Summary – call to action

Rule Category is a new tool you can use to gain insight into your environment. We would love to hear from you if you have ideas for new uses of Rule Category. For example, would you want to create your own Rule Category? Are there other categories you would like to see? Please send your thoughts to [email protected]



Ulrica de Fort-Menares is the Vice President of Product Management for Infrastructure Assurance.
