Tetration - Policy Analysis

Before making any policy changes, we usually want to analyze how they would affect traffic. Tetration can simulate and validate a policy before the changes are applied, using its Policy Analysis feature.

To analyze the policy, start by clicking on the Policy Analysis link in the top right-hand corner of Tetration’s Applications dashboard.

From this screen, we can analyze the policy against any timeframe by selecting a timeframe or entering a custom timeframe.

Alternatively, we can manually select a timeframe on the timeline.

On the charts below, Tetration will start to pinpoint and color-code different levels of traffic based on the policies created.

We can then filter this chart by permitted, misdropped, escaped and rejected traffic. These categories mean:

  • Permitted - Allowed traffic

  • Misdropped - A packet that the policy stated should have been allowed, but Tetration saw that it never made it to the other end. If the software sensor is running on both ends and Tetration saw a packet leave one host but never arrive at the other, without explanation, it is categorized as misdropped.

  • Escaped - The policy might state that a server can’t talk to another server on a certain port, but Tetration still saw that traffic complete, so it somehow escaped the policy. Some of the reasons this might happen are that the policy was removed from the endpoint or that someone uninstalled the software sensor from the workload.

  • Rejected - Denied traffic
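
The four categories can be read as the policy verdict compared against what the sensors observed. The following is an added example, not Tetration's code and not part of the original page: the rule format, the `delivered` flag, first-match evaluation with a deny catch-all, and all addresses are constructed assumptions.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    src: str     # consumer CIDR
    dst: str     # provider CIDR
    port: int
    action: str  # "ALLOW" or "DENY"

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    port: int
    delivered: bool  # True if the destination-side sensor saw the traffic arrive

# Constructed policy and flow observations (illustrative only).
RULES = [
    Rule("10.0.1.0/24", "10.0.2.0/24", 443, "ALLOW"),
    Rule("10.0.1.0/24", "10.0.3.0/24", 3306, "DENY"),
]
CATCH_ALL = "DENY"
FLOWS = [
    Flow("10.0.1.10", "10.0.2.20", 443, True),
    Flow("10.0.1.11", "10.0.2.20", 443, False),
    Flow("10.0.1.10", "10.0.3.5", 3306, True),
    Flow("10.0.1.10", "10.0.3.5", 3306, False),
    Flow("10.0.9.9", "10.0.2.20", 22, True),  # no rule matches: catch-all applies
]

def verdict(flow, rules=RULES, catch_all=CATCH_ALL):
    """Return the action of the first matching rule, else the catch-all."""
    for r in rules:
        if (ip_address(flow.src) in ip_network(r.src)
                and ip_address(flow.dst) in ip_network(r.dst)
                and flow.port == r.port):
            return r.action
    return catch_all

def classify(flow, rules=RULES, catch_all=CATCH_ALL):
    """Compare what the policy says with what was observed on the wire."""
    if verdict(flow, rules, catch_all) == "ALLOW":
        return "permitted" if flow.delivered else "misdropped"
    return "escaped" if flow.delivered else "rejected"

def summarize(flows=FLOWS):
    return Counter(classify(f) for f in flows)
```

A non-zero escaped count in a model like this corresponds to the cases described above, such as a policy removed from the endpoint or a sensor uninstalled from the workload.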

By moving the mouse across the chart, we can get more information on the traffic itself.

By clicking on the traffic in the graph, we can scroll down to see that specific traffic in a little more detail.

After we finish our analysis, we can click on the Enforce Policies button at the top of this screen to push the analyzed policy out to the endpoints.

Likewise, we can click on the Stop Policy Enforcement button to stop enforcing that policy. One nice thing about this is that if we push a policy that breaks something, we can go back to the previous version of the policy quite easily from here.

Another great thing that we can do is export or import the policy from this screen in JSON, XML, or YAML. To do so, click on the ellipsis in the top right-hand corner of the screen.

A great use case for the policy export is to export the policies as JSON and then import them into a firewall.