Linking and importing an audit policy

An audit policy can be used inside audits and snapshot specifications, or other audit policies, through linking. Audits and snapshot specifications also use audit policies through importing.

Linking an audit policy

Linking an audit policy to an audit or snapshot specification enables the audit or snapshot specification to use the exact same rule set of the audit policy. If any of the rules in the audit policy change, the same changes are reflected in the audit and snapshot specification’s rules the next time they are run, since they link to the rule set defined in the audit policy.

You can break this link by selecting the Enable unlinked rules (prevents linking to predefined audit policies) option. See Configuring the file rule.

Audit policies can be also be linked to other audit policies, and you can link as many audit policies as you want into an audit policy. When you link one or more audit policies to an audit policy, the linked audit policies become children of the parent audit policy. If you create an audit that links to the parent audit policy, when you run the audit on a target server, the rules from all linked policies are run against on the target server.

Importing an audit policy

Importing an audit policy into an audit or snapshot specification imports all rules from the audit policy. After they are imported, the rules are editable. When you import an audit policy into an audit, you can choose to replace any current values in the audit or merge rules from the audit policy with those in the audit or snapshot specification. Audit policies cannot import rules from another audit policy; however, they can link to other audit policies.