The Rule view is the user interface for managing rules. Associated procedures are in the Reporting guide under Define Rule Groups and Rules, Additional Rule Definition Procedures, Manage Access for a Rule or Rule Group, Create a Chart Using a Rule, Create a Report Using a Rule, and Create an Alert Using a Rule.
You can perform the following actions using the Rule view:
- Add a rule or rule group.
- Refresh the rules in a group.
- Change the group of a rule by dragging and dropping the rule on the new group in the Rule Group panel.
- Delete rules and rule groups.
- Set access permissions for rules and rule groups.
- Import rules and rule groups.
- Export rules and rule groups.
- Edit a rule.
- Duplicate a rule.
- Create alerts, charts, and reports from a rule.
- View dependents of a rule.
The Rule view includes the following panels:
- Rule Groups
- Rule List
- Rule Toolbar
Rule Groups Panel
The Rule Groups panel allows you to organize rules into groups using the options in the toolbar. You can create groups and sub-groups and add rules to them. You can also group and move rules between different groups.
The following figure shows the groups in the Rule Groups panel:
The Rule toolbar allows you to add, delete, edit, and duplicate a rule. The following figure shows the toolbar.
Rule List Panel
The Rule List panel lists all the rules in Security Analytics, in a tabular format. The following figure shows the list of rules in the Rule List panel.
The following table lists the columns in the Rule List panel and their description.
Note: For Name field, the icon to extend the column size is not displayed at the end of the column field. You have to hover the mouse a little to the left side to see the icon for extending the column.
|The name of the rule.|
|Type||The type of rule.|
|Group||The Rule Group to which the rule belongs.|
|Date Modified||The date and time when the rule was modified.|
|Actions||The actions that can be performed using the rule.|