Create and Manage Rules

Rules define the criteria that trigger alert notifications. You form the queries for these criteria using our pre-defined search tokens, and then associate an action to be executed when the criteria defined in the rule are met.

Create New Rule

(1) Go to Responses > Rule Manager > New Rule.

(2) Provide a name and description for the new rule in Rule Name and Description. Set a severity for the rule so that rules can be prioritized. The severity can be None, Low, Medium or High.

(3) In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query button to test your query. Click the Sample Queries link to select from the predefined queries.

(4) In the Trigger Criteria section, choose three trigger criteria that work with the rule query. The trigger criteria are: Single Match, Time-Window Count Match, and Time-Window Scheduled Match. See Trigger Criteria.

Basic details required to create a rule.

(5) In the Action Settings section, choose the actions that you want the system to perform when an alert is triggered.

Setting options for configuring the required action.

Manage Rules

The Rule Manager tab lists all the rules that you have created with

Use the Actions or Quick Actions menu to edit, enable, disable, or delete rules, or to save an existing rule and its configuration as a new rule with a new name. Use the search bar to find rules using the search tokens.

Manage rules