Alerting: Rule Library View

Document created by RSA Information Design and Development on Jul 26, 2016. Last modified by RSA Information Design and Development on Jul 26, 2016.
Version 2

This panel can be viewed by selecting Alerts > Configure in the Security Analytics menu. The Rules tab is displayed automatically, and the Rule Library view is on the right.

You can perform the following tasks using the Rule Library view:

  • Add an ESA rule
  • Delete an ESA rule
  • Edit an ESA rule
  • Duplicate an ESA rule
  • Import ESA rules
  • Export an ESA rule
  • Filter the ESA rules list

To access this view, in the Security Analytics menu, select Alerts > Configure. The Rules tab is displayed and the Rule Library view is on the right.

Features

The following figure shows the Rule Library view.

RlLib.jpeg

The Rule Library view includes the following components:

  • Rule Library toolbar
  • Rule Library list

Rule Library Toolbar

The Rule Library toolbar allows you to add, delete, edit, duplicate, filter, export, and import ESA rules. The following figure shows the icons for these actions.

RlLibTB.png

Rule Library List

The following figure shows the Rule Library list.

RlLibList2.jpeg

The Rule Library list shows all the ESA rules that have been downloaded from RSA Live or created in the Advanced EPL and Rule Builder tabs. The following table lists the columns in the Rule Library list and their descriptions.

                                        
| Column | Description |
|---|---|
| Rule Name | Purpose of the ESA rule. |
| Description | Summary of what the ESA rule detects. |
| Trial Rule | Deployment mode to see if the rule runs efficiently. |
| Type | The type of rule. |
| Actions (Actions menu button) | Menu to delete, edit, duplicate, or export the selected rule. |
| Severity | Threat level of alert triggered by the rule. |
| Email | Indicates whether an alert notification for the rule is sent by email. This column is not visible by default. |
| Snmp | Indicates whether an alert notification for the rule is sent using SNMP. This column is not visible by default. |
| Syslog | Indicates whether an alert notification for the rule is sent using Syslog. This column is not visible by default. |
| Script | Indicates whether an alert notification for the rule executes a script. This column is not visible by default. |
| Last Modified | The date and time when the ESA rule was last modified. This column is not visible by default. |

To display columns which aren't visible by default, hover over the title of a column and click the v on the right. This opens a drop-down menu in which you can sort the contents of the column or choose which columns you want to see in the Rule Library list.

ESAClmns.png
