Exporting and Importing Rules

ITM On-Prem (ObserveIT) allows the importing and exporting of rules. Importing is managed by a wizard that notifies you in advance about any potential conflict or missing data on the target environment. Exporting rules is done by selecting the rules you wish to export and providing the location for the export file.

The ability to export and import alert and prevention rules extends ObserveIT's Insider Threat Solution, by enabling the sharing of real-time information about risky user activity and out-of-policy behavior with other departments/users in an organization and with other organizations. ITM On-Prem (ObserveIT) customers and business partners can use the exported/imported ITM On-Prem (ObserveIT) alert and prevention rules to detect risky user activity and out-of-policy behavior on their own Windows or Unix/Linux machines.

System Rules that were exported from the ITM On-Prem (ObserveIT) Insider Threat Library (ITL) can also be imported. After the export/import process is completed, the rules can be edited as required to suit the needs of the organization.

Alert, policy, and prevent rules can be easily migrated between staging or other environments (such as, from POC to UAT to Production). Rules can be integrated with external HR systems; ITM On-Prem (ObserveIT) User Lists can be exported and imported as a comma-delimited format file (CSV), so for example, you can simply export your current "Employee watch-list" from your HR system and import it into your list in ObserveIT.

This feature is available for Admin or Config Admin role users only.

The export and import of rules is done from the Alert & Prevent Rules tab in the ITM On-Prem Web Console. You can navigate to this tab via Configuration > Alerts > Alert & Prevent Rules.

The following topics describe how to: