Decoder: Services Config View - Rules Tabs

Document created by RSA Information Design and Development on Jul 27, 2016. Last modified by RSA Information Design and Development on Sep 28, 2016.
Version 4

This topic introduces the features for creating and managing rules for Decoder traffic capture in the Services Config > Rules tabs.

The Rules tabs in the Services Config view for Decoders and Log Decoders provide a user interface for defining capture rules. Each type of rule has a grid with slightly different columns and different parameters in the Rule Editor dialog.

You can display this view by doing the following:

  1. In the Security Analytics menu, select Administration > Services.
  2. Select a service and select the Actions menu > View > Config.
    The Config view for the selected service is displayed.
  3. Click one of the rules tabs: Network Rules, App Rules, or Correlation Rules.
    The selected rules tab is displayed.

This is an example of the App Rules tab.

[Image: App Rules tab]

Features

Rules Tab Toolbar

The toolbar is the same for all Services view > Rules tabs.

[Image: Rules tab toolbar]

                                  
| Feature | Description |
|---|---|
| Actions | Displays the Actions Menu. |
| Add icon | Adds a new rule to a service. |
| Delete icon | Deletes a rule from a service. |
| Edit icon | Allows rule modification. |
| Disable icon | Disables a rule (without deleting the rule). |
| Enable icon | Enables (reactivates) a rule. |
| Filter | The input field for a search string. Security Analytics filters the rules dynamically as you type a search string. Clicking x clears the input field, restoring the unfiltered view. |
| Apply | Saves the changes made to rules and applies the configured rules to a service. Until you apply changes, it is possible to reload the rules as they were before current modifications. |
| Revert | Discards unsaved changes to the grid and reverts to the unedited rules. |

Rules Actions Menu

The Actions menu has options that help to manage sets of rules.

[Image: Rules Actions menu]

| Feature | Description |
|---|---|
| Import | Imports a set of rules into the user interface so that it can be applied to a service. You can edit the rules before applying. |
| Export | Saves selected rules or all rules to an .nwr file on the client machine. |
| Push | Allows rules to be applied to another service (Decoder or Log Decoder) or Decoders belonging to a service group. When pushing, the rules can either be merged (update existing rules and append new ones) or replaced. |
| History | Displays the last ten snapshots of rules applied through Security Analytics. You can select and apply (restore) a snapshot to the Decoder at any time. |

Rules Grid Context Actions

Within a rules grid, right-clicking a row displays the Rules Grid Context Menu.

                               
| Option | Description |
|---|---|
| Cut | Deletes the current rule. |
| Copy | Copies the current rule. |
| Paste Above | Pastes the copied rule above the current rule. |
| Paste Below | Pastes the copied rule below the current rule. |
| Edit | Edits the current rule. |
| Insert Below | Inserts imported rules below the current rule. |
| Insert Above | Inserts imported rules above the current rule. |
| Export Selection | Exports the selected rules. |
| Push Selected Rules | Pushes the selected rules to other services. |