Incident Management: Aggregation Rules Tab

Document created by RSA Information Design and Development on May 10, 2016

This topic describes the parameters required for creating and managing aggregation rules, which automate incident creation as part of the incident management workflow.

To access the Aggregation Rules view, in the Security Analytics menu, select Incidents > Configure > Aggregation Rules. The Aggregation Rules view is displayed.

Features

The Aggregation Rules tab consists of a grid and a toolbar.

Aggregation Rules Grid

The following table lists the parameters that need to be provided for creating new aggregation rules.

                                       
ParameterDescription
OrderDenotes the order in which the rule is placed. The rule order determines which rule takes effect if the criteria for multiple rules match the same alert.
NameDisplays the name of the rule.
EnabledDenotes whether the rule is enabled or not.
The green_dot.png specifies the rule is enabled.
DescriptionDisplays the description of the rule.
Last RunDisplays the time when the rule was last run. This value is reset once a week.
Matched AlertsDisplays the number of matched alerts. This value is reset once a week.
To change the setting, see the Set Counter for Matched Alerts and Incidents topic in the Incident Management Configuration Guide.
IncidentsDisplays the number of incidents created by the rule. This value is reset once a week.
To change the setting, see the Set Counter for Matched Alerts and Incidents topic in the Incident Management Configuration Guide.

Toolbar

The following table lists the operations that can be performed in the Aggregation Rules view.

                         
ParameterDescription
Allows you to add a new rule.
Allows you to edit a rule.
delete_rule_icon_im.png Allows you to delete a rule.
clone_rule_icon_im.png Allows you to duplicate a rule.