What is a sub-rule used for in policy configuration?

In policy configuration, a sub-rule is employed to specify follow-up actions after the conditions of the main rule have been matched. When the primary rule evaluates certain conditions successfully, the sub-rule takes effect, detailing the specific actions that should be executed in response to those conditions. This hierarchical structure allows for more complex and refined policy configurations, enabling administrators to create nuanced rules that can adapt to various conditions and context.

Sub-rules essentially provide a way to implement additional layers of logic or responses that enhance the overall effectiveness of the policy. For example, if a main rule identifies an endpoint as non-compliant, the sub-rule could define actions such as alerting a user, logging the event, or triggering remediation procedures. This separation of concerns improves the readability and maintainability of the policy, allowing administrators to easily understand the overall intent and specific responses associated with different conditions.