Alerting: Rule Library Panel

Document created by RSA Information Design and Development on Mar 23, 2017. Last modified by RSA Information Design and Development on Apr 26, 2017.
Version 4

This topic describes the components of the Rule Library panel. You can perform the following tasks using the Rule Library panel:

  • Add an ESA rule
  • Delete an ESA rule
  • Edit an ESA rule
  • Duplicate an ESA rule
  • Import ESA rules
  • Export an ESA rule
  • Filter the ESA rules list

To access this view, in the Security Analytics menu, select Alerts > Configure. The Rules tab is displayed and the Rule Library panel is on the right.

Features

The following figure shows the Rule Library panel.

[Figure: Rule Library panel (RlLib.jpeg)]

The Rule Library panel includes the following components:

  • Rule Library toolbar
  • Rule Library list

Rule Library Toolbar

The Rule Library toolbar allows you to add, delete, edit, duplicate, filter, export, and import ESA rules. The following figure shows the icons for these actions.

[Figure: Rule Library toolbar icons (RlLibTB.png)]

Rule Library List

The following figure shows the Rule Library list.

[Figure: Rule Library list (RlLibList2.jpeg)]

The Rule Library list shows all the ESA rules that have been downloaded from RSA Live or created in the Advanced EPL and Rule Builder tabs. The following table lists the columns in the Rule Library list and their descriptions.

                                      
Column | Description
------ | -----------
Rule Name | Purpose of the ESA rule.
Description | Summary of what the ESA rule detects.
Trial Rule | Deployment mode to see if the rule runs efficiently.
Type | The type of rule.
Actions (Actions menu button) | Menu to delete, edit, duplicate, or export the selected rule.
Severity | Threat level of alert triggered by the rule.
Email | Indicates whether an alert notification for the rule is sent by email. This column is not visible by default.
Snmp | Indicates whether an alert notification for the rule is sent using SNMP. This column is not visible by default.
Syslog | Indicates whether an alert notification for the rule is sent using Syslog. This column is not visible by default.
Script | Indicates whether an alert notification for the rule executes a script. This column is not visible by default.
Last Modified | The date and time when the ESA rule was last modified. This column is not visible by default.

To display columns which aren't visible by default, hover over the title of a column and click the v on the right. This opens a drop-down menu in which you can sort the contents of the column or choose which columns you want to see in the Rule Library list.

[Figure: column drop-down menu in the Rule Library list (ESAClmns.png)]
