Create a New Rule
Click to view navigation pane


Create a New Rule

To create a rule, go to Responses > Rule Manager > New Rule.  

Create New Rule.

Provide required details in the respective sections to create a new rule:

(1) In the Rule Information section, provide a name and description of the new rule in the Rule Name and Description.

(2) In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query button to test your query. Click Sample Queries link to select from predefined queries.

(3) In Trigger Criteria section define when alerts are generated.

The following trigger criteria are available to select:

Criteria

Description

Single Match

The system generates an alert each time it detects an event that matches your rule query.

Time-Window Count Match

The system generates alerts based on the number of events returned by the search query in a fixed time interval.

For example, an alert is sent when three matching events are found within a 15-minute window.

To set the time interval, specify the No Of Matching Events and the time interval in Minutes or Hours.

Time-Window Scheduled Match

The system generates alerts for matching events that occur during a scheduled time. The rule is triggered when an event matching your search criteria is found during the time specified in the schedule.

For example, alerts are sent when all matching events occur within the scheduled window between 9 AM and 5 PM.

To configure the schedule, set the start and end dates, specify the time window, and select the repeat frequency.

Note: For Time-Window Count Match and Time-Window Scheduled Match, you can aggregate alerts using an aggregate group. That means you can group related alerts together instead of receiving them separately. Currently, Asset ID is supported as an aggregate group. 

(4) In the Action Settings section, choose the actions that you want the system to perform when an alert is triggered.

Create New Rule screen.

(5) Click Save.

Rule Manager tab lists all the rules that you have created with rule name, alert message aggregating enabled or disabled for the rule, action chosen for the rule, date and time when the rule is last triggered and state of the rule, whether the rule is enabled or disabled and created date and time of the rule. You can use the Actions menu or Quick Actions menu to edit, enable, disable, delete rules and save an existing rule along with its configuration to create a new rule with a new name. Use the search bar to search for rules using the search tokens.

Response rule manager