Rules
Create and manage security rules based on triggers that correlate incoming events from network devices. When a security event is received, the highest ranked security rule with a trigger satisfied and a matching User/Host profile creates a security alarm. The rule may then take an action automatically.
Settings
An empty field in a column indicates that the option has not been set.
| Field | Definition |
|---|---|
| Rank | Moves the selected rule up or down in the list. Incoming events are compared to rules in order by rank. |
| Set Rank | Allows you to type a different rank number for a selected rule and immediately move the rule to that position. In an environment with a large number of rules, this process is faster than using the up and down buttons. |
| Table columns | |
| Rank | Rule's rank in the list of rules. Rank controls the order in which incoming events are compared to Security Rules. |
| Name | User-defined name for the security rule. |
| Enabled | Indicates whether the rule has been enabled. |
| Trigger | The set of events that will activate the rule if the rule is enabled. |
| Host Profile | The host profile to which the security rule applies. The = sign indicates the host must match the user host profile. The ≠ sign indicates the host must not match the user host profile. An alarm is triggered when the security rule is satisfied. |
| Action | The action that will be associated or automatically taken when the security rule is activated. |
| Rule Match Email Group | If enabled in the security rule, the administrator group that will receive an email when the rule creates an alarm. |
| Action Taken Email Group | If enabled in the security rule, the administrator group that will receive an email when an action is taken on the created alarm. |
| Last Modified By | User name of the last user to modify the security rule. |
| Last Modified Date | Date and time of the last modification to this security rule. |
| Right click options | |
| Delete | Deletes the selected security rule. |
| Modify | Opens the Modify Security Rule window for the selected security rule. |
| Show Audit Log | Opens the admin auditing log showing all changes made to the selected item. For information about the admin auditing log, see Audit Logs. |
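
Because events are compared to rules in rank order and the highest ranked satisfied rule creates the alarm, a broad rule ranked above a more specific one keeps the specific rule from ever firing. The following is an added example, not the product's code: a simplified model of the Rank, Enabled, Trigger and Host Profile columns that finds such shadowed rules. It assumes a trigger is satisfied when every event in its set has been seen; all rule, event, profile and action names are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rank: int
    name: str
    enabled: bool
    trigger: frozenset        # assumption: every listed event must have been seen
    host_profile: str
    must_match: bool          # True models "=", False models "≠"
    action: str = ""          # empty string models "option has not been set"

def evaluate(rules, seen_events, host_profiles):
    """Return the first enabled rule, in rank order, that is satisfied, else None."""
    for rule in sorted(rules, key=lambda r: r.rank):
        if not rule.enabled or not rule.trigger <= seen_events:
            continue
        if (rule.host_profile in host_profiles) == rule.must_match:
            return rule       # this rule creates the alarm; lower ranks are never reached
    return None

def shadowed(rules):
    """Names of enabled rules that cannot fire: a higher-ranked enabled rule with the
    same profile test and a trigger that is a subset of theirs always matches first."""
    ordered = [r for r in sorted(rules, key=lambda r: r.rank) if r.enabled]
    hidden = []
    for i, low in enumerate(ordered):
        for high in ordered[:i]:
            if (high.trigger <= low.trigger and high.host_profile == low.host_profile
                    and high.must_match == low.must_match):
                hidden.append(low.name)
                break
    return hidden

# Constructed sample rule set; event, profile and action names are made up.
RULES = [
    Rule(1, "Any malware", True, frozenset({"malware"}), "Corporate", True, "notify"),
    Rule(2, "Malware with C2", True, frozenset({"malware", "c2-callback"}), "Corporate", True, "isolate"),
    Rule(3, "Unmanaged scanner", True, frozenset({"port-scan"}), "Corporate", False),
]

if __name__ == "__main__":
    hit = evaluate(RULES, {"malware", "c2-callback"}, {"Corporate"})
    print("alarm from:", hit.name, "| action:", hit.action or "(not set)")
    print("shadowed:", shadowed(RULES))
```

In this sample set, moving "Malware with C2" above "Any malware" with Set Rank removes the shadowing, since the narrower rule is then compared first.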