# Policy Manager

In the Policy Manager, you can manage the settings of multiple hosts collectively. You can:

* allow monitoring of Advanced Persistent Threats.
* enable the Enginsight Tray Icon.
* subject your hosts or all drives to extended software monitoring.
* restrict network traffic using Shield and block connections.
* define the execution of custom plugins.
* activate File Integrity Monitoring.
* manage AutoUpdates.
* activate SIEM functions for individual hosts.

The settings are immediately applied to all selected hosts.

<figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FWmaEDwmb0m4gbEvRktXY%2FOhne%20Titel.png?alt=media&#x26;token=e00b54e2-5ea3-4d94-bdfa-478e06bf48cc" alt=""><figcaption></figcaption></figure>

## Add Policy <a href="#add-policy" id="add-policy"></a>

Click **Add Policy** at the top right of the screen. After configuring your Policy Manager, click **Create Policy** to add the policy.

### Basic settings&#x20;

<figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FVXlykplcckr7XEX4nbvN%2Fimage.png?alt=media&#x26;token=a959b8e2-9cf1-4ecc-8f35-dc4ad248f94a" alt=""><figcaption></figcaption></figure>

1. Assign a **name** and **description**.
2. Set the **priority** of your policy.
3. Under **Assigned Hosts**, specify the hosts to which the settings should be applied. You can either select the hosts directly or use T**ags**, which we recommend.

### Available Settings&#x20;

You will then find settings grouped under **Available settings**. Click on a field to reveal the grouped settings and manage them yourself. You can choose from the following options:

#### **Enginisight Intrusion Detection System (IDS)**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FRPyFHzxD1WWOraN4YjnO%2Fimage.png?alt=media&#x26;token=5bdd51c1-ec21-4d46-bd98-7a004f2e5666" alt=""><figcaption></figcaption></figure></div>

**Enable** the IDS to analyze network traffic on the assigned hosts. Allow IP addresses to be concealed via **IP anonymization** or define the **detection level of the intrusion detection system** for the policy.

#### **Enginsight Shield**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FdYh1dNCVt0zjyj5rlMXJ%2Fimage.png?alt=media&#x26;token=0eff643e-c7c9-4821-a5de-5a9a01a486bc" alt=""><figcaption></figcaption></figure></div>

**Enable** Shield to restrict network traffic and block connections.

#### **Plugins**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FrVGgS5O2WEUohGqqFtcr%2Fimage.png?alt=media&#x26;token=4a69f0d3-7981-4107-915a-0317808b6131" alt=""><figcaption></figcaption></figure></div>

**Enable** the host to run custom plugins.

#### **File Integrity Monitoring**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FiUQ2FOiTfhoYxfju4Dtr%2Fimage.png?alt=media&#x26;token=509d3a39-0cfc-4353-85eb-3d9572ac5ea1" alt=""><figcaption></figcaption></figure></div>

**Enable** the file integrity monitoring functions.

#### **Advanced Settings**

<figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FgSdzusNZMvLgYki2jrz7%2Fimage.png?alt=media&#x26;token=ea24970b-e6b9-4722-b09e-01683c9a1653" alt=""><figcaption></figcaption></figure>

Enable the option **Recording of security relevant events** to allow Pulsar access to logs. Use **Extended Software Monitoring** to scan files every 24 hours and thus optimize software detection, or use **Extended Software Monitoring on all dics**. Enable monitoring of all services using **Extended Service Monitoring**. Create specific **Exception lists** for services, connections, or dics that you want to exclude. Or use the option to **Costumize your API/URL** when it changes.

#### **Automatic OS updates**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FH4bQaLGEKiMfXkT0xWId%2Fimage.png?alt=media&#x26;token=8c60c276-9304-437e-a547-75299bc6bfe9" alt=""><figcaption></figcaption></figure></div>

**Enable** automatic installation of all system updates and, if necessary, restrict them to **security-related updates only**. Specify that the affected **systems should be restarted after the update**. Define an **OS update schedule** and set an **OS update time zone** for automatic execution. Specify **updates to be excluded**, which should not be executed automatically.

#### **Tray**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2F7VJf31acB3fKYefopQmL%2Fimage.png?alt=media&#x26;token=5f51dafb-bf82-4eca-9cc7-7fe5a6b78863" alt=""><figcaption></figcaption></figure></div>

Enable the display of the **Enginsight tray icon** and specify whether you want to **Show notifications** for logged-in users regarding your security status.

#### **Advanced Persistent Threats**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2F2nLE6m3srGlqyJMnW4ua%2Fimage.png?alt=media&#x26;token=f28d2dfd-3ad1-4044-9c6d-7f79633f9c11" alt=""><figcaption></figcaption></figure></div>

**Enable** scanning for advanced persistent threats.

#### **SIEM-Intergration**

<div align="left"><figure><img src="https://97980696-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F-LTMe1v0eboWCAUTQHbT-887967055%2Fuploads%2FoLzzGthv96QhDHpmBANO%2Fimage.png?alt=media&#x26;token=4ac66276-1677-4b47-ac8c-b26fa8c6eb83" alt=""><figcaption></figcaption></figure></div>

**Enable** log recording by the SIEM.

{% hint style="danger" %}
**Do you want to delete or undo a policy?**

When you create a policy, the settings of the assigned hosts are overwritten. If you delete a policy, the settings in the individual host settings are initially retained.

If you want to undo a setting that you made via a policy, you must also do one of the following after deleting the policy:

* Adjust the settings of the individual host.
* Create a new policy that adopts the changed settings for the hosts.
  {% endhint %}

{% hint style="info" %}
If there are multiple policies assigned to the same host and the same settings are managed via the policy, Enginsight selects the settings of the most recently created policy.
{% endhint %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.enginsight.com/docs/master/operation/platform/host-pulsar-agent/policy-manager.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.