Network analysis rules tab

The Rules tab contains pull-down menus to select the License and Sensor and a list of Custom rules.

Rules can be defined with a scope of the license or sensor. A license-scoped rule will match only traffic that originated from sensors associated with that specific license. A sensor-scoped rule will match only traffic that originated from the specified sensor (or sensor group). Rules are displayed grouped by their scope.

Global rules are not restricted to any specific license or sensor.

Select the license

Click the License pull-down menu and either select All licenses or a specific license from the menu.

  • If you select All licenses, all the Global rules are displayed in the Custom rules list.

  • If you select a specific license, the rules for that license are displayed below the Global rules in the Custom rules list.

The default is All licenses. Selecting a specific license does not change the sensor selection.

Select the sensor

Click the Sensor pull-down menu and either select All sensors or a specific Sensor from the menu.

  • If you select All sensors, all the Global rules are displayed in the Custom rules list.

  • If you select a specific Sensor, the rules for that Sensor are displayed below the Global rules in the Custom rules list.

The default is All sensors. Selecting a specific Sensor does not change the license selection.

Custom rules

Name

The name of the rule.

Click the sort icon to sort the list by name.

Comment

An optional comment describing the rule.

Click the sort icon to sort the list by comment.

Created by

The name or email address of the analyst that created the rule.

Click the sort icon to sort the list by creator.

Rule

The rule properties. The rule may be truncated if it is too long. Expand the row to display the full content of the rule by clicking the plus icon (or anywhere on the entry row).

Click the sort icon to sort the list by rule.

Impact

The impact level that triggers the rule.

Click the sort icon to sort the list by impact.

Actions

Click the edit icon to view/edit the rule. The Rule editor opens to allow you to view or make changes to the rule.

Click the delete icon to remove the rule.