Tasks and Actions You Can Perform on Rules

From the Alert & Prevent Rules page, you can perform the following tasks on rules:

| Task | For details, see ... |
| --- | --- |
| View the current rules' assignment to specific User lists. | Assigning Rules to User Lists |
| Assign additional rules to specific User lists. | Assigning Rules to User Lists |
| View and manage the Categories to which alert rules are assigned. | Managing Rule Categories |
| View details of all the currently configured rules according to specified criteria. | Viewing Details of Rules |
| Filter the rules display per specified criteria. | Filtering the Rules Display |
| Create new alert rules and edit existing ones. Clicking an alert rule in the Alert & Prevent Rules table opens the Edit Alert Rule dialog box in which you can edit the rule's details, user/group assignment, detection policy, and actions. | Creating and Editing Alert Rules |
| Create new prevent rules and edit existing ones. Clicking a prevention type rule in the Alert & Prevent Rules table opens the Edit Prevent Rule dialog box in which you can edit the rule's details, detection policy, and actions. | Creating and Editing Linux Prevent Rules |
| Share rules with other departments/users and with other organizations. | Importing Rules |

On the Alert & Prevent Rules page, you can click a hyperlink in the More Actions drop-down menu to perform the following actions on one or more selected rules:

  • Duplicate rules. For details, see Duplicating Rules.

  • Delete rules. For details, see Deleting Rules.

  • Change the Category of rules. For details, see Managing Rule Categories.

  • Export rules. For details, see Exporting Rules.

  • Activate rules. A rule must be in Active status in order for an alert to be generated. Click the Activate hyperlink to activate the selected rule(s).

  • Inactivate rules. The default status for new rules is Inactive. When a rule is Inactive, new alerts are not generated, but old alerts can still be viewed on the Alerts page.