When you add a new rule, the first information to provide is a unique name and description of what the rule detects. After you save the rule, this information is displayed in the Rule Library.
You must have permission to manage rules. See Role Permissions.
To name and describe a rule:
- In the Security Analytics menu, select Alerts > Configure > Rule.
- In the Rule Library, select > Rule Builder.
The New Rule tab is displayed.
- Type a unique, descriptive name in the Rule Name field.
This name will appear in the Rule Library so be specific enough to distinguish the rule from others.
- In the Description field, explain which events the rule detects.
The beginning of this description will appear in the Rule Library
- Select Trial Rule to automatically disable the rule if all trial rules collectively exceed the memory threshold.
Use trial rule mode as a safeguard to see if a rule runs efficiently and to prevent downtime caused by running out of memory. For more information, see Work with Trial Rules.
- For Severity, classify the rule as Low, Medium, High or Critical.