Alerting: Edit, Duplicate or Delete a Rule

Document created by RSA Information Design and Development on Jun 26, 2017Last modified by RSA Information Design and Development on Sep 14, 2017
Version 2Show Document
  • View in full screen mode
  

This topic provides instructions to edit, duplicate, or delete an Event Stream Analysis (ESA) rule. When you edit a rule, ESA applies the updated criteria going forward. No changes are made to previously generated alerts.

Procedures

Edit a Rule

  1. In the Security Analytics menu, select Alerts > Configure > Rules.
    The Rules tab is displayed.
  2. In the Rule Library, select the rule you want to edit and click ic-edit.png.
    Depending on the rule type, the respective rule tab is displayed.
  3. Modify the required parameters.
  4. Click Save.

Duplicate a Rule

  1. In the Rule Library, select the rule you want to duplicate and click Duplicate icon.
  2. The Duplicate a Rule dialog is displayed. The system adds Copy of in front of the rule name.
    Duplicate a Rule dialog box
  3. In the Name field, type a unique name for the duplicate rule and click OK.

A duplicate rule with the new name is added to the Rule Library.

Delete a Rule

  1. In the Security Analytics menu, select Alerts > Configure > Rules.
    The Rules tab is displayed.
    RulesTb.png
     
  2. In the Rule Library, select one or more rules and click .

    A warning dialog is displayed.

  3. Click Yes.
    A confirmation message that the rule is deleted successfully is displayed and the selected rule is deleted from the Rule Library.

Previous Topic:Additional Procedures
You are here
Table of Contents > Add Rules to the Rules Library > Additional Procedures > Edit, Duplicate or Delete a Rule

Attachments

    Outcomes