You can import rules and rule groups from a Security Analytics instance into the rule tree in the Rule Groups panel. Rules must be in a valid binary file exported from a Security Analytics instance. You cannot import rules to a rule group. The imported files are stored in the root folder, All.
Make sure that:
- You have the rules or rule groups exported from a Security Analytics instance.
- You understand the Rule view components. For more information, see Rule View.
Perform the following steps to import rules or rule groups:
- In the Security Analytics menu, click Dashboard > Reports.
The Manage tab is displayed.
- Do one of the following.
- Click Browse to browse and select the archived file containing the rules.
- Click Import.
Note: During the import process, if a duplicate rule and list exists and you do not select the overwrite option, the rule and list is imported and no message about duplicate rules and lists are displayed.