securitysavy

Correlation Rule Copy Enhancements Feature Request

Discussion created by securitysavy on Jun 22, 2011
Latest reply on Jun 22, 2011 by scarielli

Community - please note your interest in this feature with a note if you like it.

 

ESE-470 - If you wish to request this as well from RSA support.

 

Due to the complexity of correlation rules we have setup for our customers and the significant duplication of effort that happens for each one, we would like a feature to enhance modifying a correlation rule to accommodate a new customer.

 

We have numerous customers within the same correlation rule, due to enVision application limitations.  So we’d like:

 

1)     The ability to copy (duplicate) a Circuit within a correlation rule. 

  1. On the “Add/Modify Rule” screen, create a Copy or “Copy Circuit” checkbox (or radio button) column and a “Copy Circuit” button at the bottom.
  2. On the “Add/Modify Circuit Definition” screen, create a Copy or “Copy Circuit” button.
  3. Either way, the user should be brought to the edit screen of the new Circuit with all the information duplicated within so that the user only needs to modify select values, while reducing the number of overall clicks and edits to the content within.  This “copy” should include all logical children of the Circuit, including Statements, caches and filters within.

2)     The ability to copy (duplicate) a Statement within a correlation rule. 

  1.   On the “Add/Modify Circuit Definition” screen, create a Copy or “Copy Statement” checkbox (or radio button) column and a “Copy Statement” button at the bottom.
  2. On the “Add/Modify Statement” screen, create a Copy or “Copy Statement” button.
  3. Either way, the user should be brought to the edit screen of the new Statement with all the information duplicated within so that the user only needs to modify select values, while reducing the number of overall clicks and edits to the content within.  This “copy” should include all logical children of the Statement, including device selection, caches and filters within.

We feel these features would enable other customers to improve ROI by reducing the administrative burden of editing correlation rules with enVision.  They are also logical additions to your product as customers’ usages grow.  This design shown provides customer flexibility so that any customer may implement the feature as they require.

Outcomes