Qradar Regex Filter

It uses the free and open source Nxlog tool to send your logs. This operation takes a string and a regexp operand and evaluates to a boolean value which will be TRUE if the regular expression matches the subject string. Note that this routine does not filter a dataframe on its contents. You can create a regex-based custom property to match event or flow payloads to a regular expression. It can take regular expressions, and its search can be case sensitive. Rather than the concept of bytes & packets, which flow from 1 host, to the other, and back, the concept of a flow represents the entire session, a count of the bytes and packets generated in the communication, the flags, protocol used, and the time that it. With an added quantifier that repeats the character class one or more times, and anchors that bind the match to the start and end of the string, we're good to go. Stack Exchange network consists of 175 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Each API operation is exposed as a function on service. \d {1,3} \. Parvez has 4 jobs listed on their profile. Subscribes to a Security Hub product. Lucene Core, our flagship sub-project, provides Java-based indexing and search technology, as well as spellchecking, hit highlighting and advanced analysis/tokenization capabilities. It’s trivially discoverable using fuzz lists such as Weblogic. It attracted more than 1500 IT firms including Apple, Microsoft, Amazon, Google, Salesforce, and many more. Interpret common system notifications. It is a SIEM solution that provides security, integrity, and resilience to logs collected from critical resources. All matching files are included in the processing. It is a premium software Intrusion Detection System application. Searching Your QRadar Data Efficiently QRadar Quick Filter for this task. Using Regex Functions in Excel. Now, I do not run any of the big firewalls that they support but I do run pfSense, which i believe is one of the best solutions for the home network. To require the match to occur only at the beginning or end, use an anchor. A user is complaining about slow traffic on a specific network segment, and an administrator has been asked. All you need to know is a little bit of RegEx and that is all. Use the QRadar Experience Center App to learn about the QRadar capabilities, simulate common threats, work with log samples in real time, and learn how to analyze your logs. vcex file - Free Exam Questions for IBM C2150-612 Exam. Discussion forums, mailing lists, and user groups for Elasticsearch, Beats, Logstash, Kibana, ES-Hadoop, X-Pack, Cloud and other products in the Elastic ecosystem. NERC CIP Faq Frequently asked questions for Change Tracker and NERC CIP version 5 Requirements Does NNT Change Tracker develop a baseline configuration, individually or by group, which includes the following items: 1. Review the list of free and paid Snort rules to properly manage the software. Jeffrey Wheat Director of Solutions Engineering at @RISK Technologies, Inc. Regex Custom Property B. For each stream you wish to capture, create a stanza called [] which can be anything as it’s an identifier. How do I use the yum command to update and patch my Red hat Enterprise Linux / CentOS Linux version 5. Improved currency of searches, filters, and rules. Use Splunk to search, monitor, analyze and visualize machine data. Nos spécialistes documenter les dernières questions de sécurité depuis 1970. For example, unsuccessful login attempts or the number of events by source. org for more. Writing Regex For Qradar; How to DO QRadar! Security Operations Center in horizon. The Get-WinEvent cmdlet connects to the PDCe and looks at the Security log. Calculation Based Custom Property Answer: A NO. This is actually a perfectly valid regex. All matching files are included in the processing. Notify users via Nagios XI / Nagios Core, email, SNMP traps, or execute a script to ensure quick problem resolution. Important Note: The backslash is also a special escape character for the parser. The code works same (extract regex) correctly if there is just one text tag. RegEx for Json Match if doesn't start with string all except word Find any word in a list of words match whole word Match anything after the specified Simple date dd/mm/yyyy Regular Expression For Decimal Validation | Taha. vcex file - Free Exam Questions for IBM C2150-612 Exam. Asset Search D. Define a filter to restrict to which events the event rule must apply. The NXLog Community Edition is an open source log collection tool available at no cost. One can create a very slow search filter using unoptimized regular expressions, and one can create an extremely fast AQL query that only tests based on mathematics. Apply to Senior Network Engineer, Firewall Engineer, Network Security Engineer and more!. Enter a name and description for the new filter and click Add. An invalid regular expression (regex) contained in a rule search filter test can cause a NullPointerException to be generated visibile in the qradar log files. Regular expressions tests Rules that test if the event payload contains or matches a regular expression, perform a search of the entire payload and have a greater impact on QRadar SIEM performance. The IT expert team use their knowledge and experience to make out the latest short-term effectiveContinue reading. € All matches are case sensitive and use PCRE based regular expression formats. You can do this with a regular expression search with a curl command like the one below; note that I omitted. Perform Quick (Lucene. 6 Associate Analyst Online Training provide you with the most comprehensive information and quality service, which is your unique choice. List of Top Level Networks using Rest API. QRadar Community Edition offers a great way to better understand the product. This is an advantage over the per-deployment logging configuration as the redeploy is not required for logging changes to take affect. QRadar removes the outer brackets from the expression. A malicious user with normal user privileges on the guest machine may exploit this issue in conjunction with othe. Actions can be detections or blocks. A regular expression, or regex for short, is a pattern describing a certain amount of text. In QRadar's terms, a flow represents a report, generated/updated minute by minute, of a session between two endpoints connected to network. Jeffrey Wheat Director of Solutions Engineering at @RISK Technologies, Inc. A: Yes, McAfee SIEM allows users to create custom parsers for data sources that McAfee SIEM doesn't support out of the box. GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together. Top 30 Splunk Interview Questions To Prepare In 2019 then pick and choose the most appropriate filter for a better view of results. In the Scanner Name field, type a name to identify the AXIS scanner. If you want to use a proxy for this connection: Ensure that the configuration test was successful before proceeding. Let's break the expression down. This site uses cookies for analytics, personalized content and ads. The administrator wants to get an. << Back to Security Intelligence Advanced Topics. The Filters view displays the Syslog filters that are configured, if any. Report only metrics matching a JavaScript regular expression. 2, you can reduce the lag time of expired reference data to as little as 1 minute to improve the currency of QRadar searches, filters, and rules. Perm Regexp Access: Allows users who have this permission enabled to edit the regular expression table. uk with a CNAME record for www that redirected to forcesafesearch. The Add Filter dialog displays. Hybrid Analysis develops and licenses analysis tools to fight malware. NET model you had to work with previously turning a request into a concise one liner similar to curl (Which is also an alias for Invoke-WebRequest in PowerShell). The low-stress way to find your next splunk job opportunity is on SimplyHired. QRadar is a modular, scalable, appliance-based SIEM solution. IBM Security QRadar SIEM Training in Hyderabad. This is clearly documented in the manual. When you finish specifying the filter details, click Go. The code works same (extract regex) correctly if there is just one text tag. Tools like Logstash or Fluentd require configuration for parsing. Resolving The Problem. The PCRE engine is used to to execute the regular expressions. A quick reference guide for regular expressions (regex), including symbols, ranges, grouping, assertions and some sample patterns to get you started. Storage retention for. 6 certification. The QRadar Log Activity Regex Filter validation does not allow for min/max quantifiers. So the main problems are its cost, the maintenance cost, and the fact that it takes. Hyderabad is the capital city of Telangana state and is well known for the major technology township, HITECH city, as well as India's largest start-up ecosystem, T-Hub. ScienceSoft implemented and customized IBM Security QRadar SIEM for one of the US states' government. Welcome to Rsyslog¶. This new connected pitcher with Amazon Dash Replenishment gives Brita owners exactly what they want -- a new Brita filter on their doorstep at the time they need it", says Amazon. Non-Printable Characters. The QRadar Experience Center App is designed for educational purposes, and its menu includes useful videos, links, an FAQ section, and more. Data model datasets can get additional fields at search time through regular-expression-based field extractions, lookups, and eval expressions. Learn how to use the new DSM Editor to create and modify Log Source Externsions. Before you add a payload test to a rule, include filters in the rule that reduce the number of events. 6 certification. ppt), PDF File (. A brief daily summary of what is important in information security. SIEM users will generally use regex to parse the various message formats, and then create normalization mappings. DAM data classification engine can identify sensitive information with minimum number of false positive results based on catalog, regular expression, dictionary or custom searches. In the QRadar Integration with Resilient, when creating the Automatic Escalation Conditions the "Value Match Expression" placeholder text calls for a regex value. This comes so handy if you want to extract different fields. URL filter wildcard expression not matched correctly on proxy mode. As ColinH(IBM) mentioned, there is an identifier field that you can filter for in the API. Essentially, they take logs from a network source, filter them, and spit them right back out to QRadar. In the Scanner Name field, type a name to identify the AXIS scanner. الانضمام إلى LinkedIn الملخص. *txt' Set the recurrence to specify the interval at which Qradar will import the logs. Apply to Senior Network Engineer, Firewall Engineer, Network Security Engineer and more!. Network Intrusion Detection System workflows for Suricata - beyond packets of the JSON fields if you are good at RegEx. Use the advanced view to create an event rule with regular expressions (regex). This way, you're sure that your property will only be visible for this log source type. A user is complaining about slow traffic on a specific network segment, and an administrator has been asked. If you ask a question, always include your QRadar version with your question. Monitor, troubleshoot and secure your apps with a machine data analytics platform based on ELK & Grafana. IBM Security QRadar SIEM V7-2-6 Associate Analyst. A regular expression is a pattern that the regular expression engine attempts to match in input text. Upcoming Events February 2019. You can use special character sequences to put non-printable characters in your regular expression. 1912 System Administrator Jobs in Bangalore : Apply for latest System Administrator Jobs in openings in Bangalore for freshers and System Administrator Openings in Bangalore for experienced. syslog-ng Open Source Edition (OSE) is the trusted log management infrastructure for millions of users worldwide. Payload contains regex tests Correct Answer: B Which QRadar component is designed to help increase the search speed in a. Click Test Configuration. The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards. txt) or view presentation slides online. Actions can be detections or blocks. عرض ملف Ishtiaq Ahmad - Team Lead - Security Operations Center(SOC), Incident Response الشخصي على LinkedIn، أكبر شبكة للمحترفين في العالم. At this point, the event name will show the “unknown” on the Qradar log viewer. On this video I show how to create custom field on Qradar SIEM to be able to filter URL visited by Squid WebProxy users. You can use regular expressions in Forcepoint Email Security Cloud to create dictionary entries for lexical rules (see Filtering using lexical rules). 8 Patch 1 or later to QRadar 7. This is clearly documented in the manual. A logging profile can be assigned to any number of deployments. This notice is intended to information and update administrators with the latest information. Regex Tester requires a modern. Usually system() and internal() sources are configured together in the beginning of the configuration file. When you run logstash, you use the -f to specify your config file. Let's break the expression down. Jump to: navigation, search. Matching an IP address is another good example of a trade-off between regex complexity and exactness. We have seen, what the simplest regular expression looks like. However, none of these options work in QRadar as of now, and there is an open ticket for it with the QRadar team. In the QRadar Integration with Resilient, when creating the Automatic Escalation Conditions the "Value Match Expression" placeholder text calls for a regex value. All matching files are included in the processing. In addition events can be send to HPE OM and HPE OMi. This is a public service message. Putting together missing pieces that should get you to solve certain issues without wasting many hours searching the internet. While it is challenging to separate noises from legitimate traffic, a good log correlation tool can be used to filter out the legitimate traffic so security staff can focus on the noises. Argument Reference The following arguments are supported: product_arn - (Required) The ARN of the product that generates findings that you want to import into Security Hub - see below. The following images show a example of using regex to search for information within the quick filter. IBM Security QRadar Troubleshooting System Notifications 1 SYSTEM NOTIFICATIONS IBM Security QRadar provides notifications for a variety of events that occur in your QRadar deployment or on your QRadar system. \d {1,3} \. ---=AAA& ,AAA, this is example of logs , and the both of regex match correctly the field wanted, but qradar accept $1 for the first regex but doesn't accept $1 for the second – Bahaeddine Hilali May 17 '17 at 10:43. As a result, if you want to include backslash in your regular expression, you must use two backslashes — so that after parsing, only one "real" backslash remains, which is then passed to the regular expression system. Regex Custom Property B. Pass IBM IBM Security QRadar SIEM V7. In this recipe, we forward messages from one system to another one. entering this phrase verbatim into your "attachment filename" criteria had much better success against my scripts: \. The DomainTools Iris App in QRadar handles the task of extracting this second level domain name from the FQDN or a complete URL. Configure tags on TAXII DataFeed nodes Under Nodes select the TAXII DataFeed nodes and add the access tag. I have 400+ word entries in a ref set and looking for a way to match exact word in a payload. The Linux Find Command is one of the most important and frequently used command command-line utility in Unix-like operating systems. 0 QRadar API Guide (PDF). in the Export Log Filters section. A filter is then applied, using the XPath language. 155 Configuring a log sour ce. IBM Security QRadar DSM Configuration Guide. Click the Admin tab. QRadar WinCollect and Native Windows Event Collection: How to Do It Right, Filter the Noise and Simplify your Infrastructure Filter the Noise and Simplify your. JSON or JavaScript Object Notation is a lightweight text-based open standard designed for human-readable data interchange. From product training to penetration test training, Rapid7’s resident experts are ready to propel you to the top of your game with essential, hands-on curricula that will help you maximize your skills, resources, and tech stack. IT Security, Development and other fun stuff. the filter's not working because i was testing offbox on a linux system and it's not going to work in the content filter regex syntax. Here's how to run the cmdlet local to the system where the event log is. For example, a rule test that generates an offense after 5 failed login attempts within 10 minutes or matching regular expressions are rules evaluated by the CRE. A user is complaining about slow traffic on a specific network segment, and an administrator has been asked. Adding a new role. These cmdlets are a huge improvement coming from the. Nos spécialistes documenter les dernières questions de sécurité depuis 1970. 1,876 Senior Splunk Engineer jobs available on Indeed. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. 8 QRadar API Guide (PDF) 7. Writing Regex For Qradar; How to DO QRadar! Security Operations Center in horizon. In the QRadar Integration with Resilient, when creating the Automatic Escalation Conditions the "Value Match Expression" placeholder text calls for a regex value. Service Description. Configure the filter by providing a set of conditions that each event must match to be either excluded or included from applying to the event rule. Creating a regex-based custom property You can create a regex-based custom property to match event or flow payloads to a regular expression. Reports with the execution time exceeding the established timeframes due to modifications in incoming data amount, QRadar filters or search criteria. Event rules use the fields from the event to generate alerts. All matching files are included in the processing. Valid regex that falls between the forward slashes is evaluated by QRadar. What's new in Version 2. So the main problems are its cost, the maintenance cost, and the fact that it takes. Improved currency of searches, filters, and rules. This will pass all data through to the output stanza created above. Unformatted text preview: IBM Security QRadar DSM Configuration Guide February 2017 IBM Note Before using this information and the product that it supports, read the information in "Notices" on page 919. some thing about perl - Download as Powerpoint Presentation (. Preparing for your IBM C2150-612 exam with correct C2150-612 dumps today. Detecting DNS Tunneling. Note that this routine does not filter a dataframe on its contents. In search of the perfect URL validation regex. ReliaQuest is now hiring a Content Developer in Dublin. If the regular expression used to match against event names is working then the events should start appearing in the Qradar log window. without prefix or with it. They use Grok filters, which are regular expressions to extract each field from the log line. v2017-04-20. DenyHosts 2. FGT D series number of web filter profiles decreased globally. Undo & Redo with Ctrl-Z / Y. Regex memory message being seen in the Proxy SG Event log Troubleshooting Regex-Optimize Messages in the ProxySG or ASG Event log You deny access for a category but you want to allow one specific address which belongs to that category. In the QRadar Integration with Resilient, when creating the Automatic Escalation Conditions the "Value Match Expression" placeholder text calls for a regex value. depends on the first filter. The internet, available to a regular individual does not provide a decent quality of knowledge. You can reference event fields in a configuration and use conditionals to process events when they meet certain criteria. Instead of serially matching all regular expressions, we compile a set of shortest patterns most frequently seen in regular expressions that allows to quickly filter out events that do not match any of the IDS signatures. Try Tenable. This reports the number of dropped messages over a 15-minute time period. If you are new to Splunk software, start here! The Search Tutorial guides you through adding data, searching, and creating simple dashboards. The filter is applied to the labels of the index. Regular expressions tests Rules that test if the event payload contains or matches a regular expression, perform a search of the entire payload and have a greater impact on QRadar SIEM performance. An issue has been identified in QRadar 7. This is the regular expression match operation as in Perl. Feb 8 - QRadar Under the Radar Demo w/Q&A; Feb 11-15: List of QRadar Think 2019 Sessions (and. Argument Reference The following arguments are supported: product_arn - (Required) The ARN of the product that generates findings that you want to import into Security Hub - see below. Appliance type, Core version of the system, Patch number, Is the QRM enabled, What's the IP address, Is the appliance you ran this command is a console, What's the kernel architecture, Information about CPU, Operating System and if this is HA host or not. to Wireshark to filter down the PCAP. Use Tools to explore your results. Easily create alerts from the web-interface based on queries and thresholds most important to you. The following tables describe the elements of regular expressions. Product information This document applies to IBM QRadar Security Intelligence Platform V7. The Evolution of Enterprise Application Security 4 We used to think of an application as a binary or single host deployment accessed by PCs (or terminals!) that always reached the server-side of the application through a firewall. Use the Invoke-RestMethod cmdlet to work with REST-based APIs. Try Tenable. IBM Certified Deployment Professional - Security QRadar SIEM V7. USER GUIDE: FORTINET FORTIGATE APP FOR QRADAR OVERVIEW The Fortinet FortiGate App for QRadar provides visibility of FortiGate logs on traffic, threats, system logs and performance statistics, wireless AP and VPN. *, ? which is translated to. The Add Filter dialog displays. Especially after the Policy Builder version 10. IBM Security QRadar SIEM Training in Hyderabad. The quality of Exam4Training product is very good and also have the fastest update rate. A: Yes, McAfee SIEM allows users to create custom parsers for data sources that McAfee SIEM doesn't support out of the box. Stack Exchange network consists of 175 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers. Click the Admin tab. The Get-WinEvent cmdlet connects to the PDCe and looks at the Security log. Click the VA Scanners icon. Read what people are saying and join the conversation. Select either General Mask (a regular expression that will match any substring in the packet payload) or Field Mask (a regular expression that will match only the value of a specific form input). It's a little bit too expensive for us. RegEx Testing From Dan's Tools. ArcSight provides the ability to filter or modify events at the collection and logging level to eliminate the events that are not of security value. is a cybersecurity company created on the single vision of simplifying authentication. 8 QRadar API Guide (PDF) 7. 2 allows attackers to potentially cause information disclosure, denial of service, or possibly code execution by providing a crafted regular expression. The administrator wants to get an. When you run logstash, you use the -f to specify your config file. Illustrate the impact of QRadar property indexes. That regular expression accepts ipv4 address like 192. In this work, we present an approach for selective matching of regular expressions. 0 P/N 9034592-05; Page 3 Enterasys Networks reserves the right to make changes in specifications and other information contained in this document and its web site without prior notice. CVE-2018-17382. It can take regular expressions, and its search can be case sensitive. Expression-based filters. Example: ICMP service. For example, a rule test that generates an offense after 5 failed login attempts within 10 minutes or matching regular expressions are rules evaluated by the CRE. Find command is used to search and locate the list of files and directories based on conditions you specify for files that match the arguments. k Click Test to test the property expression definition 7 Click Save Use case from SECURITY 1 at École Nationale Supérieure d'Electricité et de Mécanique. But while feasible, no correlation engine to date performs well search for a partial match of multiple signatures or regular expressions within a field. Product information This document applies to IBM Security QRadar Security Intelligence Platform V7. I have to use payload because it is very hard create a custom event property (the values are not predictable and poplated inconsistently) e. Searching Your QRadar Data Efficiently QRadar Quick Filter for this task. I have decided to install QRadar CE on a VM at home to give it a try. The Barracuda Web Application Firewall firmware version 8. I have 400+ word entries in a ref set and looking for a way to match exact word in a payload. *txt' Set the recurrence to specify the interval at which Qradar will import the logs. Matching an IP address is another good example of a trade-off between regex complexity and exactness. If you want your ex-girlfriend or ex-boyfriend to come crawling back to you on their knees (even if they're dating somebody else now) you gotta watch this video. This can be as close to event source as possible using SmartConnectors: QRadar provides capability to filter using Routing rules. The final section moves up a gear or two. Rather than the concept of bytes & packets, which flow from 1 host, to the other, and back, the concept of a flow represents the entire session, a count of the bytes and packets generated in the communication, the flags, protocol used, and the time that it. Putting together missing pieces that should get you to solve certain issues without wasting many hours searching the internet. Valid regex that falls between the forward slashes is evaluated by QRadar. The filter is applied to the labels of the index. PracticeTest. The QRadar Log Activity Regex Filter validation does not allow for min/max quantifiers. In our introduction to regular expressions we have covered the basic aspects of regular expressions. 1 Purpose: - After a change has been issued against a "logon server", that domain controller would have the latest revision of GPO replication version. While it is challenging to separate noises from legitimate traffic, a good log correlation tool can be used to filter out the legitimate traffic so security staff can focus on the noises. What is ELK stack? ELK stands for Elasticsearch, Logstash and Kibana. I adapted the regular expression taken from JGsoft RegexBuddy library to C language (regcomp/regexec) and I found out it works but there's a little problem in some OS like Linux. The Filters view displays the Syslog filters that are configured, if any. This can be as close to event source as possible using SmartConnectors: QRadar provides capability to filter using Routing rules. UPPER (Transact-SQL) 03/13/2017; 2 minutes to read +1; In this article. The second section of code will use regular expressions to match each of the role categories and store them in individual log files. A method of telling QRadar to parse information in a different way and use a different field in the Ariel database to store it. The XSSAuditor filter is located in between the HTML Parser and JS engines which helps with its accuracy. NET model you had to work with previously turning a request into a concise one liner similar to curl (Which is also an alias for Invoke-WebRequest in PowerShell). The internet, available to a regular individual does not provide a decent quality of knowledge. Subscribes to a Security Hub product. A filter is then applied, using the XPath language. The DomainTools Iris App in QRadar handles the task of extracting this second level domain name from the FQDN or a complete URL. A quick reference guide for regular expressions (regex), including symbols, ranges, grouping, assertions and some sample patterns to get you started. NERC CIP Faq Frequently asked questions for Change Tracker and NERC CIP version 5 Requirements Does NNT Change Tracker develop a baseline configuration, individually or by group, which includes the following items: 1. Name or user. Welcome to the Tenable Developer Portal! Tenable provides the world’s first Cyber Exposure platform, giving you complete visibility into your network and helping you to manage and measure your modern attack surface. There's a brief time lag before expired reference data is removed from the reference set. At IT Central Station you'll find reviews, ratings, comparisons of pricing, performance, features, stability and more. However, none of these options work in QRadar as of now, and there is an open ticket for it with the QRadar team. A simple regular expression GUI builder. It's a little bit too expensive for us. Monitor Logs from Amazon EC2 Instances – You can use CloudWatch Logs to monitor applications and systems using log data. Toggle navigation. It is available on all modern Unix systems, Windows, Mac OS X, BeOS, OS/2, and probably additional platforms. 6 Associate Analyst C2150-612 exam is a required test for IBM Certified Associate Analyst-Security QRadar SIEM V7. This guide will show you how to send your Windows Event Log to Loggly. View Parvez Gadkari’s profile on LinkedIn, the world's largest professional community. \d {1,3} \. For 1 day per week training the technical staff of Service provider in Information Technology on the use of IBM QRadar SIEM and getting the company up and running to deliver IBM QRadar SIEM in the cloud to it's first 10 clients. RegEx for Json Match if doesn't start with string all except word Find any word in a list of words match whole word Match anything after the specified Simple date dd/mm/yyyy Regular Expression For Decimal Validation | Taha. socket — Low-level networking interface¶. If you purchase the IBM C2150-612 IBM Security QRadar SIEM V7. IBM Security QRadar Version 7. A simple regular expression GUI builder. parsers a VERY easy job now. 6 Associate Analyst Online Training we provide, you can pass IBM certification C2150-612 exam successfully. In our introduction to regular expressions we have covered the basic aspects of regular expressions. Available self-paced, in-person and online. audit policies • Associate. QRadar is a modular, scalable, appliance-based SIEM solution. Access control defines explicit actions for requests that meet conditions based on URI, request headers, client IP address, or countries and regions. I am not exactly writing Java code however since QRadar uses Java regular expressions to parse the log file and since my question is a regular expression problem I am posting it here in hope of getting some pointers/solution to my problem. Especially after the Policy Builder version 10.