3.4 Knowledge Explorer - BlueCat Infrastructure Assurance - 25.2.0

BlueCat LiveAssurance User Guide


To access this page, select the Issues tab in the sidebar, then select Knowledge Explorer.

The Knowledge Explorer allows you to interact directly with LiveAssurance rules, learn about rules and how they are applied, and tweak rules to best fit your environment.

You can visualize the step-by-step troubleshooting workflow diagrams that explain how we detected and diagnosed the cause of the specific issue.

Navigating LiveAssurance Rules

Browse through the LiveAssurance Knowledge from the Knowledge Explorer tab. Use the sort, filter, and search functions to explore rules of interest.

Each rule contains multiple attributes, including the Rule Name, Vendor, Operating System (OS), and more.

The following image shows the Knowledge Explorer tab.



You can perform the following actions in the Knowledge Explorer tab:

  • Hover over the Vendor, OS and Category fields to see the full list of supported vendors, OSes, and categories for each rule.



    Note: Hover over badges to see a full list of items, as shown in the above image.
  • Click the checkbox adjacent to a rule to open the rule summary drawer on the right-hand side of the page. The rule summary drawer contains the following tabs:

    • The Remediation tab specifies which vendors and OSes the rule is relevant to. Click on the Vendor name to view the list of OSes under that vendor to which the rule is relevant.

      The following image shows the Remediation tab.

    • The Configuration tab allows you to change the rule configuration.

      Note: You cannot delete the Global Configuration. However, once you create a new Configuration by clicking Overview and then Add New, it will override the Global Configuration settings.

      The following image shows the Configuration tab.



  • Click the Overview button within the drawer to access all information pertaining to the rule.

    Within Knowledge Explorer, an overview page for the selected rule is displayed. From here, you can enable or disable the rule, see the device vendors and OSes relevant to it, create custom configurations, and more, as shown in the following image. The following sections provide details on the actions you can perform from the overview page.

Disable a rule

From the overview page that is displayed within Knowledge Explorer for the selected rule, click the Disable button to completely disable the rule.

To disable a rule for only some devices or only for some labels, scroll down to the Disable section, then select the devices and labels for which the rule will be disabled.

Note: All rules will default to the Global Configuration and behave according to the Thresholds and Actions defined therein.

Configuring Rules

You can create as many rules as you want by leveraging Labels and Devices. Use labels to better manage and tune your system.

Using multiple rules may be useful in situations where you would benefit from an escalating notification procession, or require more nuanced rules to uncover issues.

From the overview page that is displayed within Knowledge Explorer for the selected rule, navigate to the Configuration section, then click Add New to create a custom rule configuration.

From the Create Custom Configuration window that is displayed, configure the list of actions, severity, devices, and labels that are relevant to the new configuration.



Create an Exclusion Pattern

You can define an exclusion pattern to persistently exclude an issue item from an issue. For example, suppose you have a disaster recovery strategy in place. Under normal operations, many of the disaster recovery services are not available. In this example, your disaster recovery BGP peer is always down, so you want to exclude the peer from the “BGP peer(s) down” alert. To do that, create an exclusion pattern for the “BGP peer(s) rule” that matches the BGP peer for disaster recovery, as shown below:

From the overview page that is displayed within Knowledge Explorer for the selected rule, navigate to the Excluded Patterns section and click Add New. The Create Pattern page appears.



In this example, 10.11.94.61 will be excluded from all the Check Point devices. You can use a wildcard if you want to exclude multiple issue items that share the same prefix. For example, you can define 10.11.* using the same example. You can also create multiple entries to exclude multiple issue items.

You can modify or remove the pattern at any time. It will take effect in the next evaluation cycle. In some cases, it can take up to an hour for the change to take effect.
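Before saving a wildcard pattern, it helps to check which issue items it would actually hide. The following is an added example, not BlueCat code: it assumes the wildcard behaves as a plain string-prefix glob (an assumption, not documented on this page), and the peer inventory and role labels are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Constructed inventory: BGP peer address -> role. Only 10.11.94.61 comes
# from the page's example; every other entry is made up for this sketch.
PEERS = {
    "10.11.94.61": "dr",
    "10.11.94.62": "dr",
    "10.11.3.1": "production",
    "10.110.0.1": "production",
    "10.1.20.5": "production",
}


def suppressed(pattern, items):
    """Items the pattern would exclude, ASSUMING '*' matches any run of
    characters (string glob, not CIDR)."""
    return sorted(item for item in items if fnmatchcase(item, pattern))


def audit(patterns, peers, intended_role="dr"):
    """For each pattern, list excluded peers that are not of the intended
    role, i.e. peers whose alerts would be hidden unintentionally."""
    report = {}
    for pattern in patterns:
        hits = suppressed(pattern, peers)
        report[pattern] = [p for p in hits if peers[p] != intended_role]
    return report


if __name__ == "__main__":
    candidates = ["10.11.94.61", "10.11.94.*", "10.11.*", "10.1*"]
    for pattern, collateral in audit(candidates, PEERS).items():
        status = "ok" if not collateral else "also hides " + ", ".join(collateral)
        print(f"{pattern:<12} {status}")
```

Under this assumption a short prefix such as 10.1* is a character match, so it covers 10.1.x.x, 10.11.x.x and 10.110.x.x alike; the narrowest pattern that covers the disaster recovery peers keeps the rest of the alert intact.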

Auto-Triage Workflow Visualization

Knowledge Explorer visualizes the step-by-step troubleshooting workflow so you can understand our complete decision tree.

  1. From the Knowledge Explorer tab, navigate to a rule with an Auto-Triage Element. You can select the Rules with Auto-Triage checkbox to display only the rules with an Auto-Triage Element.

    To review a rule in more detail, simply click on a rule of interest to update the rule summary drawer on the right-hand side of the page.

  2. Click the OVERVIEW button at the bottom right corner to see more details.

  3. From the overview page that is displayed within Knowledge Explorer for the selected rule, click the Vendor button with the Automation icon, then click on the workflow diagram icon at the bottom right, as shown in the following image.

    The workflow diagram is displayed.



  4. Scroll up and down to view the entire workflow. To view specific commands, click on the box.



Export the list of Auto-Detect Elements for a vendor

For example, to retrieve the list of rules applied to Check Point devices, set the filter to vendor, then select checkpoint.



The system will return the full list of rules for Check Point. In the Rule Name column, right-click on any row.



Select the Export format. The system will export the list of issues pertaining to Check Point.

Tips and Tricks

Try filtering by keyword or All Categories to see a list of device-specific rules. Search for generic words such as memory or CPU to bring up a list of system rules that contain those words.

You can keep track of which rules have been modified by checking whether they transition from Unchanged to Changed.

You can also add a search word to further filter the Category Selection.