Alerting: Step 2: Build a Rule Statement

Document created by RSA Information Design and Development on Jul 26, 2016. Last modified by RSA Information Design and Development on Jul 26, 2016.
Version 2

A statement is a logical grouping of rule criteria in the Rule Builder. You add statements to define what a rule detects. 


The following graphic shows an example of a Rule Builder statement.

First, you provide the meta key and value. Then, you build logic around the pair by selecting an option in each other field.


You must know the meta key and the value to match for it.
For a complete list of meta keys, go to Alerts > Configure > Settings > Meta Key References.


To build a rule statement:

  1. In the Security Analytics menu, select Alerts > Configure.
    The Rules tab is displayed by default.
  2. In the Rule Library, click Add drop-down > Rule Builder or edit an existing Rule Builder rule.
    The Rule Builder view is displayed.
  3. In the Conditions section, click the Add icon.
    The Build Statement dialog is displayed.
  4. Name the statement. Be clear and specific. The statement name will appear in the Rule Builder.
  5. From the drop-down list, select which circumstances the rule requires:
      • if all conditions are met
      • if one of these conditions are met
  6. Specify the criteria for the statement:
      1. Type the name of the Meta Key.
      2. For Evaluation Type, specify the relationship between the meta key and the value you will provide for it.
        The choices are: is, is not, contains, not contains, begins with, ends with.
      3. Type the Value for the meta key.
        Do not add quotes around a value. Separate multiple values with a comma.
      4. The Is Value An Array field indicates if the contents of the Value field represent one or more than one value:
          • Yes indicates more than one value.
          • No indicates one value.
  7. To use another meta key in the statement, click the Add icon and repeat step 4.
  8. To save the statement, click Save.
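
The statement logic from the procedure above can be modeled offline to check what a planned statement would and would not match before you build it. This is an added example, not RSA code or the product's own evaluation engine. It assumes exact, case-sensitive comparison, that a missing meta key never matches, and that an array value matches when any listed value matches; the meta keys and events are constructed samples.

```python
# Added illustration: a model of Rule Builder statement logic, not RSA code.
# Assumptions: comparisons are exact and case-sensitive; with Is Value An
# Array = Yes a positive operator matches when ANY listed value matches and
# a negated operator matches only when NO listed value matches.
OPERATORS = {
    "is": lambda field, v: field == v,
    "contains": lambda field, v: v in field,
    "begins with": lambda field, v: field.startswith(v),
    "ends with": lambda field, v: field.endswith(v),
}
NEGATED = {"is not": "is", "not contains": "contains"}

def criterion_matches(event, meta_key, evaluation_type, value, is_array=False):
    """Evaluate one Meta Key / Evaluation Type / Value row against an event."""
    if meta_key not in event:
        return False  # assumption: a missing meta key never matches
    # Values are unquoted and comma-separated, as the Value field expects.
    values = [v.strip() for v in value.split(",")] if is_array else [value]
    op = OPERATORS[NEGATED.get(evaluation_type, evaluation_type)]
    hit = any(op(str(event[meta_key]), v) for v in values)
    return not hit if evaluation_type in NEGATED else hit

def statement_matches(event, criteria, require="all"):
    """require='all': if all conditions are met; 'one': if one of these is met."""
    results = [criterion_matches(event, **c) for c in criteria]
    return all(results) if require == "all" else any(results)

# Constructed statement: failed logons to privileged-looking accounts.
FAILED_ADMIN_LOGON = [
    {"meta_key": "ec_activity", "evaluation_type": "is", "value": "Logon"},
    {"meta_key": "ec_outcome", "evaluation_type": "is", "value": "Failure"},
    {"meta_key": "user_dst", "evaluation_type": "begins with",
     "value": "admin, root", "is_array": True},
]

# Constructed sample events (meta key -> value).
SAMPLE_EVENTS = [
    {"ec_activity": "Logon", "ec_outcome": "Failure", "user_dst": "admin_jdoe"},
    {"ec_activity": "Logon", "ec_outcome": "Success", "user_dst": "root"},
    {"ec_activity": "Logon", "ec_outcome": "Failure", "user_dst": "jsmith"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(statement_matches(ev, FAILED_ADMIN_LOGON), ev)
```

Switching `require` to `"one"` shows how much broader the "if one of these conditions are met" option is: every sample event then matches on the `ec_activity` row alone.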
