This topic introduces network rules and describes features that apply specifically to network rules.
The main Rules Tab section describes the toolbar common to all types of rules. This section introduces the user interface for network rules.
You can display this view by doing the following:
- In the Security Analytics menu, select Administration > Services.
- Select a service and select > View > Config.
The Config view for the selected service is displayed.
- Select the Network Rules tab.
This is an example of the Network Rules tab.
This is an example of the Rule Editor dialog for a network rule.
The following table describes the columns in the Network Rules grid.
The Rule Editor dialog provides the fields and options needed to define a network rule.
The following table describes the Rule Definition fields.
|Rule Name||The descriptive name that identifies the rule.|
|Condition||The definition of the condition that triggers an action when matched. You can type directly in the field or build the condition in this field using meta from the Intellisense window actions. As you build the rule definition, Intellisense displays syntax errors and warnings.|
The following table describes the Session Data actions.
|Stop Rule Processing||If checked, further rule evaluation ends if the rule is matched, and the session is saved as indicated. If not checked, rule evaluation continues until all rules are evaluated.|
|Keep||The packet payload and associated meta are saved when they match the rule.|
|Filter||The packet is not saved when it matches the rule.|
|Truncate||The packet payload is not saved when it matches the rule, but packet headers and associated meta are retained.|
The following table describes the session options.
|Assemble||If checked, the assembler assembles the packet chain when it matches the rule.|
|Network Meta||The packet generates network metadata when it matches the rule.|
|Application Meta||The packet generates application metadata when it matches the rule.|
|Alert||The packet generates a custom alert when metadata matches the rule.|
The following table describes Rule Editor dialog actions.
|Reset||Resets the contents of the dialog to their values before editing; changes are discarded.|
|Cancel||Cancels any edits and closes the Rule Editor dialog.|
|OK||Saves the new rule or edited rule, and adds it to the rules grid. The Rule Editor dialog closes.|
|Validate||Validates that the rule syntax is correct.|