Alerting: Import or Export Rules

Document created by RSA Information Design and Development Employee on Apr 22, 2016
Version 1Show Document
  • View in full screen mode

The topic provides instructions to import ESA rules from a Security Analytics instance and to export ESA rules to your hard drive so you can keep a local copy.

If you exported a rule in an earlier version of Security Analytics, the following conditions apply when you import the rule in version 10.5 or later:

  • Exported in version 10.3 – You cannot import rules to version 10.5.
  • Exported in version 10.4 – Rule behavior depends if cross-correlation is disabled, which is the default, or enabled:
    • Disabled – You can import rules to version 10.5.
    • Enabled – You must restart Security Analytics or make a minor change to the rule, save, remove the minor change and save again. Either procedure generates the forwarding rule that the 10.5 cross-site correlation feature requires.


Import ESA Rules

  1. In the Security Analytics menu, select Alerts > Configure > Rules.
    The Rules tab is displayed.
  2. In the Rules Library toolbar, click  Actions menu cropped > Import
    The Import ESA Rules dialog is displayed.
  3. Click Browse to browse and select the file containing the ESA rules.
  4. Click Import. 


  1. Select an ESA rule or multiple rules and click Actions menu cropped > Export in the Rule Library toolbar.
    A warning dialog is displayed.
  2. Click Yes.
    The Export Rules dialog is displayed.
  3. In the Enter File Name field, type a filename for the file with the ESA rules and click Export.
    The file is exported as a binary file to your machine.

Note: The binary file cannot be edited.

You are here: Add Rules to the Rules Library > Additional Procedures > Import or Export Rules