This topic provides instructions to test a rule based on the time range and the data source selected.
Make sure that you:
- Understand the Rule view components. For more information, see Rule View.
- Understand the Build Rule view components. For more information, see Build Rule View.
Perform the following steps to test a rule:
- In the Security Analytics menu, select Reports.
The Manage tab is displayed.
- In the Rule List panel, do one of the following:
- Click Test Rule.
The Test Rule view is displayed:
Note: When you click Test Rule, the rule is not saved. You have to click Savein the Build Rule view to save the rule.
- From the Data Sourcedrop-down list, select a data source.
You must select the appropriate data source for the rule defined.
- From the Format drop-down list, select the format in which you want the result displayed.
- From the Time Rangedrop-down list, select one of the following.
- Past -To specify number of years, days, weeks, months, days or hours.
- Range - To specify a date range and time period.
Note: In the User Interface (UI), the date or time displayed depends on the time zone profile selected by the user.
- X-Axis and Y-Axis are used to specify the meta to be plotted in charts.
In X-Axis, the Meta for the 'Group by' rule is displayed. In Y-Axis, the aggregate functions used in the rule are displayed.
Note: Sum, Count, Countdistinct and Average are the supported aggregate functions for rule. By default, for Custom Rules with multiple 'Group by', you can select only the first meta in X-Axis.
- Click Run Test to execute the rule.
The rule data (if any) for the selected time range is displayed.