Exporting Rules

Exporting rules is done by selecting the rules you wish to export and providing the location for the export file.

The export of System Rules that are included in the ObserveIT Insider Threat Library (ITL) is managed by ObserveIT. The exported ZIP file is distinguished from the standard export ZIP file by its name. For details, see Importing System Rules from the Insider Threat Library.

The export of rules is done from the Manage Alert & Prevent Rules page in the ObserveIT Web Console. You can navigate to this page via Configuration > Alerts > Alert & Prevent Rules.

The Alert & Prevent Rules page displays a list of currently configured rules. For details about the information displayed for each rule, see Viewing Rules.

To export rules

  1. In the list of configured rules, select the individual rules or categories (with rules) that you want to export, and click the Export hyperlink in the More Actions drop-down list. Categories that don't have rules cannot be selected.

    The Dependencies and List Exporting Method window opens.

  2. Rules that are based on In-App Elements and/or Private Lists can be imported successfully only if those In-App Elements and Private Lists are first created, using the exact same names, in the environment to which the rules are imported. When you select rules with In-App Elements and/or Private Lists for export, their names and rule dependencies (including the number of rules) are listed in the window. You can click the Dependent Rules hyperlink for an In-App Element or Private List to open a popup showing the names of all alerts that currently reference the In-App Element or Private List. If required, you can edit the details of the rule(s) in order to resolve the dependency issue.

  3. To protect privacy, Private Lists cannot be exported with their Items. The lower part of the window displays the names of all the Public Lists of Users and General types that were selected for export. For each List, you can select Yes or No to choose whether or not to include the List's Items in the exported file. The default for Users Lists is No; the default for General Lists is Yes.

    Upon successful export of the rules, a ZIP file is automatically created and identified by the current date and time in the format: Alert Rules - YYYY-MM-DD--HH-MM.zip. The exported ZIP file will include all the rules' properties including their Categories and associated Lists.

  4. Save the file to a location on your computer from where you can import the rules.

For details on how to import the exported file, see Importing Rules.