Alerting: Edit, Duplicate or Delete a Rule

Document created by RSA Information Design and Development on Jul 26, 2016Last modified by RSA Information Design and Development on Jul 26, 2016
Version 2Show Document
  • View in full screen mode
 

This topic provides instructions to edit, duplicate, or delete an Event Stream Analysis (ESA) rule.

You can edit, duplicate or delete a rule you have in the Rule Library.

When you edit a rule, ESA applies the updated criteria going forward. No changes are made to previously generated alerts.

Edit a Rule

  1. In the Security Analytics menu, select Alerts > Configure > Rules.
    The Rules tab is displayed.
  2. In the Rule Library, select the rule you want to edit and click ic-edit.png.
    Depending on the rule type, the respective rule tab is displayed.
  3. Modify the required parameters.
  4. Click Save.

Duplicate a Rule

  1. In the Rule Library, select the rule you want to duplicate and click Duplicate icon.
  2. The Duplicate a Rule dialog is displayed. The system adds Copy of in front of the rule name.
    Duplicate a Rule dialog box
  3. In the Name field, type a unique name for the duplicate rule and click OK.

A duplicate rule with the new name is added to the Rule Library.

Delete a Rule

  1. In the Security Analytics menu, select Alerts > Configure > Rules.
    The Rules tab is displayed.
    RulesTb.png
  2. In the Rule Library, select one or more rules and click .
    A warning dialog is displayed.
  3. Click Yes.
    A confirmation message that the rule is deleted successfully is displayed and the selected rule is deleted from the Rule Library.
You are here: Add Rules to the Rule Library > Additional Procedures > Edit, Duplicate or Delete a Rule

Attachments

    Outcomes