Filtering the Rules Display

In the Alert & Prevent Rules tab, you can filter the rules that are displayed in the Rules list per specified criteria.

To filter the rules display

  1. From the Action drop-down list, select the type of actions that were applied to the rules that you want to view (or select All), and click OK.

  2. From the Status drop-down list, select the status of the rules that you want to view (Active, Inactive, or select All to view both active and inactive rules).

  3. From the Risk Level drop-down list, select the user risk level for the rule that you want to view (Critical, High, Medium, Low, or select All to view the rules for all risk levels).

  4. In the Search by field, type the relevant text to search for rules by keywords. You can search by rule name, description, or conditions of the rule that you want to view.

Expand the More Filters section by clicking to filter the rules display according to additional criteria, as described in the following table:

Filter

Description

Notification Policy

To search for rules by assigned notification policy (which specifies who receives alert notifications when an alert is generated and at what frequency), select a specific notification policy from the list, or select All to view rules from all notification policies.

OS Type

To search for rules by the operating system for which they were defined: Windows/Mac, Unix, Both (Windows and Unix) or All.

History

To search for rules by the number of alerts that were generated for them, select Generated at least one alert, Never generated an alert, or select All to view rules for all alerts.

Origin

To search for System rules (provided and maintained by the ITM On-Prem (ObserveIT) Library) or User rules (created by the user), or All (both System and User rules).

Note: When upgrading alert rules from earlier ITM On-Prem (ObserveIT) versions, this field is set to User for all upgraded alert rules.

Updated on

To search for rules by the time period they were last updated, specify the specific time period (During last number of days, weeks, months, or years) or specify a date range for your search (Between: To:).

Updated by

To search for rules by the user that last updated them, select a specific user from the list, or select All to view rules by all users.

When you have finished defining your search criteria, click Show to update the Rules list. To clear the filter fields, click Reset.