View Configured Rules in Context XDR

Navigate to the Rules > Rules sub-tab to view all your configured rules. The table on this page displays information about each configured rule.

Use this page to:

- Create a new rule. See the Create a New Rule section for more information.

- View the status of each rule. A rule can be in either the Active or the Inactive state. Use the Activate/Deactivate options from the Quick Actions menu next to a rule to toggle between the Active and Inactive states.

- View details of each rule. Use the View details option from the rule’s Quick Actions menu to view the rule details.



The Rule Details page displays:

+ Basic Information tab – The Basic Information tab displays a description of the rule and the rule condition in simple, natural language for easy understanding.

+ Signals tab – The Signals tab lists all the signals generated by the rule. You can search for specific signals using the Qualys QQL tokens. For a complete list of tokens available for use on this page, click here.

NOTE: Use the time filter to focus on signals generated by the rule during a specific time period.

+ Adaptive Responses tab – The Adaptive Responses tab displays all the responses generated in response to this rule.

- Use Qualys QQL tokens to search for specific rules. See the Rules Page section for a complete list of QQL tokens that you can use on this page. 

- View the signals associated with each rule. Click the signal count associated with a rule to view the entire list of signals.

- Delete the signals associated with a rule. Use the Delete signals for this rule option from the Quick Actions menu next to a rule to delete its associated signals.

- Import/export a rule. See the Export/Import Rules section for more information.

- Delete a configured rule. Use the Delete Rule option from the Quick Actions menu next to a rule to delete it.

- Filter rules using the Quick Filters. Use the Quick Filter options on the left to quickly view the rules you are interested in. The filters are categorized under the following buckets:

+ Tactic – Use filters under this bucket to filter rules by their associated MITRE tactic.

+ Technique – Use filters under this bucket to filter rules by their associated MITRE technique.

+ Status – Use filters under this bucket to view rules in the Active or Inactive state.

+ Criticality – Use filters under this bucket to view rules by their criticality.

+ Log Sources – Use filters under this bucket to view rules by their log sources. For example, view rules associated with all firewall sources.