View a handling process

A dynamic policy is used to implement dynamic decision-making based on user operations and device status. If a device triggers the dynamic policy, Secure Access Service Edge (SASE) handles the device based on the configurations in the dynamic policy. This topic describes how to manage a handling process.

Prerequisites

A dynamic policy is configured, and a user or device triggers the dynamic policy. For more information, see Configure a dynamic policy.
SASE is activated. If SASE is not activated, you must purchase and activate SASE. For more information, see Service purchase. You can also apply for a 7-day free trial. For more information, see Apply for a free trial.
An Alibaba Cloud account or a Resource Access Management (RAM) user that has the permissions to access SASE is used. If you use a RAM user, you must grant the required permissions to the RAM user. For more information, see Grant permissions to a RAM user.
The version of the SASE client that is installed on terminals is V4.5.1 or later.

If a user or device matches the trigger conditions in a dynamic policy, SASE handles the user or device and generates a handling process. Different methods are provided to restore a handling process.

Log on to the SASE console.
In the left-side navigation pane, choose Dynamic Decision-making > Handling Process.
On the Handling Process page, search for the handling process that you want to manage. You can filter handling processes by time, action, restoration method, status, and user.
Click Details in the Actions column. In the Details panel, view the details in the Basic Information and Trigger Conditions sections.

Restore a handling process

You can use one of the following methods to restore a handling process.

Automatic Restoration: A handling process is automatically restored in the following scenario: A user or device of an enterprise triggers a dynamic policy, the user performs related remediation, and the user or the device does not trigger the dynamic policy upon the next detection or the dynamic policy is disabled.
For example, the trigger condition in a dynamic policy is that the version of the SASE client is earlier than V4.5.1, and the SASE client of a user matches the trigger condition and triggers a handling process. After the user upgrades the version of the SASE client to V4.5.1 or later, the handling process is automatically restored.
Authentication and Reporting: If a user or device of an enterprise triggers a dynamic policy and the user is forcibly logged off from the SASE client, the user can log on to the SASE client again to perform operations and the handling process is restored during the specified validity period. During the validity period, the policy is not triggered again.
Important
To use this restoration method, you must select Restoration After Authentication and Reporting when you configure the dynamic policy. For more information, see Configure a dynamic policy.
Restoration in Console: If a user or device triggers a dynamic policy, the administrator can manually restore the handling process in the console.
1. Log on to the SASE console.
2. In the left-side navigation pane, choose Dynamic Decision-making > Handling Process.
3. On the Handling Process page, use one of the following methods to restore the handling process:
  - Find the handling process and click Restore in the Actions column.
  - Find the handling process and click Details in the Actions column. In the Details panel, click Restore.
4. In the Note dialog box, enter a value for the Validity Period of Reporting parameter and click OK.
  If a user or device of an enterprise triggers a dynamic policy and the user is forcibly logged off from the SASE client, the user can log on to the SASE client again to perform operations within the specified validity period. During the validity period, the policy is not triggered again.

References

For more information about how to view the handling and restoration logs for dynamic decision-making, see Dynamic decision-making logs.