This section explains the definition files of keywords for exclusion from the targets of quarantining.
Using the definition files of keywords for exclusion from the targets of quarantining in combination with the definition file of the quarantine policy for security risks, it is possible to exclude security risks sent in notifications from one of the following servers to the Resource Orchestrator manager from execution of the selected action.
Create these definition files when "ALL_DISABLE" is not specified in "avmgr.corp.action_filter_base" in the definition file of the quarantine policy for security risks, and there are security risks that you want to exclude from execution of the selected action.
When "ALL_DISABLE" is specified in "avmgr.corp.action_filter_base", the content specified in these definition files is ignored.
It is not necessary to restart the services of the Resource Orchestrator manager after editing this type of definition file.
Installation_folder\SVROR\Manager\etc\customize_data
Information
The sample definition file (avmgr_corp_filter_disable.en.rcxprop.sample) is stored in the location above.
When using the sample as the definition file, place the file after deleting the ".sample" included in the file name.
avmgr_corp_filter_disable.en.rcxprop
[Windows Manager]
UTF-8
[Windows Manager]
CR/LF or LF
Separate multiple keywords using line breaks (CR/LF or LF).
Keyword 1 for exclusion from the targets of quarantining
Keyword 2 for exclusion from the targets of quarantining
Keyword 3 for exclusion from the targets of quarantining
Alphanumeric characters and symbols (ASCII characters (0x20 - 0x7e)) can be used in keywords.
keyword1<line break (CR/LF or LF)> keyword2<line break (CR/LF or LF)> keyword3<line break (CR/LF or LF)> ...
When the Resource Orchestrator manager is notified of a security risk containing any of the specified keywords, the corresponding L-Server will be excluded from execution of the selected action.
Example
keyword_of_unquarantine<line break (CR/LF or LF)>