Performing response policy searches - BlueCat Integrity - 9.3.0

Address Manager Administration Guide

Locale
English
Product name
BlueCat Integrity
Version
9.3.0

The Response Policy search finds Response Policy items configured in local response policies or predefined BlueCat Security Feed data. A specified string of text returns a list of all matching items in Address Manager across all configurations.

To perform a Response Policy search:

  1. Click the Search bar and select Advanced Search.
  2. Click the Response Policy Search tab.
  3. In the Search field, type the text you want to search for. You can use the following wildcards in the search:
    • ^—matches the beginning of a string. For example: ^ex matches example but not text.
    • $—matches the end of string. For example: ple$ matches example but not please.
    • *—matches zero or more characters within a string. For example: ex*t matches exit and excellent.
    Note: To find Response Policy items containing an IPv4 address, enter the full reverse zone name. For example, if you are searching for 192.0.2.100, type 100.2.0.192.in-addr.arpa.

    This is because the Response Policy search is based on text strings. When first creating response policy items, IP addresses must be entered in the reverse zone name format.

    Note: You can't use the following characters in the search string:
    • , (comma)
    • (single quotation mark)
    • ( ) (parentheses)
    • [ ] (square brackets)
    • { } (braces)
    • % (percent)
    • ? (question mark)
    • + (addition/plus sign)
    • | (Pipe)
  4. In the Maximum Results field, type the maximum number of search results you want to display, up to 1000.
  5. From the Search In options, select the type of data that you wish to search from the drop-down menu.
    • Local—select this option to search Response Policy items that match the pattern in the local Response Policy data.
    • Feed—select this option to search Response Policy items that match the pattern in the BlueCat Security feed Response Policy data.
    • All—select this option to search all Response Policy items that match the pattern in the local Response Policies data and in the BlueCat Security feed data.
    Note: When searching for Response Policy items in the BlueCat Security Feed, Address Manager must have Internet access and port 53 opened for outbound communication. Address Manager Internet connectivity is only necessary for customers using BlueCat Threat Protection.
  6. Click Search. The search results appear.
  7. Click the name of a policy item object in the results list to display the object.
    Note: You can only navigate to the policy items that are locally defined in Address Manager. You can't navigate to the BlueCat Security feed Response Policy items.