Alerting: Step 1: Name and Describe the Rule

Document created by RSA Information Design and Development on Jul 26, 2016. Last modified by RSA Information Design and Development on Jul 26, 2016.
Version 2

When you add a new rule, the first information to provide is a unique name and description of what the rule detects. After you save the rule, this information is displayed in the Rule Library. 

Prerequisites

You must have permission to manage rules. See Role Permissions.

To name and describe a rule:

  1. In the Security Analytics menu, select Alerts > Configure > Rule.
  2. In the Rule Library, select the add icon (addList.PNG) > Rule Builder.
    The New Rule tab is displayed.
  3. Type a unique, descriptive name in the Rule Name field.
    This name will appear in the Rule Library, so be specific enough to distinguish the rule from others.
  4. In the Description field, explain which events the rule detects.
    The beginning of this description will appear in the Rule Library.
  5. Select Trial Rule to automatically disable the rule if all trial rules collectively exceed the memory threshold. 
    Use trial rule mode as a safeguard to see if a rule runs efficiently and to prevent downtime caused by running out of memory. For more information, see Work with Trial Rules.
  6. For Severity, classify the rule as Low, Medium, High or Critical.