Reporting: Test a Rule

Document created by RSA Information Design and Development on Nov 23, 2016Last modified by RSA Information Design and Development on Feb 10, 2017
Version 5Show Document
  • View in full screen mode
  

This topic provides instructions to test a rule based on the time range and the data source selected.

Prerequisites

Make sure that you:

  • Understand the Rule view components. For more information, see Rule View.
  • Understand the Build Rule view components. For more information, see Build Rule View.

Procedure

Perform the following steps to test a rule:

  1. In the Security Analytics menu, select Reports.
    The Manage tab is displayed.
  2. In the Rule List panel, do one of the following:
    • Select a rule and click edit_button.png in the Rules toolbar.
    • Click  > Edit.
      The Build Rule view tab is displayed.
  3. Click Test Rule.
    The Test Rule view is displayed:
    Test_rule_page.png

Note: When you click Test Rule, the rule is not saved. You have to click Savein the Build Rule view to save the rule.

  1. From the Data Sourcedrop-down list, select a data source.
    You must select the appropriate data source for the rule defined.
  2. From the Format drop-down list, select the format in which you want the result displayed.
  3.  From the Time Rangedrop-down list, select one of the following.
    • Past -To specify number of years, days, weeks, months, days or hours.
    • Range - To specify a date range and time period.

Note: In the User Interface (UI), the date or time displayed depends on the time zone profile selected by the user.

  1. X-Axis and Y-Axis are used to specify the meta to be plotted in charts.
    In X-Axis, the Meta for the 'Group by' rule is displayed. In Y-Axis, the aggregate functions used in the rule are displayed.

Note: Sum, Count, Countdistinct and Average are the supported aggregate functions for rule. By default, for Custom Rules with multiple 'Group by', you can select only the first meta in X-Axis.

  1. Click Run Test to execute the rule.
    The rule data (if any) for the selected time range is displayed.
Next Topic:Tune IPDB Rules
You are here
Table of Contents > Working with Reporting Rules > Define Rule Groups and Rules > Test a Rule

Attachments

    Outcomes