The Rules tabs in the Services Config view enable you to define and manage capture rules. Each type of rule has a grid with slightly different columns and different parameters in the Rule Editor dialog. Application and correlation rules apply to both Decoders and Log Decoders. Network rules apply only to packet Decoders.
Step 4. Configure Decoder Rules provides additional information.
You can display this view by doing the following:
- In the Security Analytics menu, select Administration > Services.
- Select a service and >View > Config.
The Config view for the selected service is displayed.
- Click one of the rules tabs: Network Rules, App Rules, or Correlation Rules.
The selected rules tab is displayed.
This is an example of the App Rules tab.
Rules Tab Toolbar
The toolbar is the same for all Config view > Rules tabs.
Rules Actions Menu
The Actions menu has options that help to manage sets of rules.
|Import||Imports a set of rules into the user interface so that it can be applied to a service. You can edit the rules before applying.|
|Export||Saves selected rules or all rules to an .nwr file on the client machine.|
|Push||Allows rules to be applied to other services (Decoders or Log Decoders) or Decoders belonging to a service group. When pushing, the rules can either be merged (update existing rules and append new ones) or replaced. |
|History||Displays the last ten snapshots of rules applied through Security Analytics. You can select and apply (restore) a snapshot to the Decoder at anytime.|
Rules Grid Context Actions
Within a rules grid, right-clicking a row displays the Rules Grid Context Menu.
|Cut||Deletes the current rule.|
|Copy||Copies the current rule.|
|Paste Above||Pastes the copied rule above the current rule.|
|Paste Below||Pastes the copied rule below the current rule.|
|Edit||Edits the current rule.|
|Insert Below||Inserts imported rules below the current rule.|
|Insert Above||Inserts imported rules above the current rule.|
|Export Selection||Exports the selected rules.|
|Push Selected Rules||Pushes the selected rules to other services.|