Edit Alert Policy rules
Alert Policy rule settings include the Alert Sender, the Alert and Situation, Time, and Severity.
For more details about the product and how to configure features, click Help or press F1.
Steps
- Select Configuration, then browse to Administration.
- Browse to .
- Right-click an Alert Policy, then select Edit <name>.
- Add a rule:
  - In an empty Alert Policy, right-click the rule table, then select .
  - In an Alert Policy with existing rules, right-click a rule ID, then select or .
- Specify the rule settings.
- Select which Alert Chain is processed when an alert event matches this rule.
- Click Save.
Alert Policy Editing view
Use this view to edit Alert rules in an Alert Policy element.
Option | Definition |
---|---|
Resources | Use this pane to create and add elements to a policy. |
Search | Opens a search field for the selected element list. |
Up (Backspace) | Returns to the previous folder. |
New | Opens the associated dialog box to create an element. |
Tools | Show Deleted Elements — Shows elements that have been moved to the Trash. |
Option | Definition |
---|---|
Policy Toolbar | |
Save | Saves the changes. |
Save and Install | Saves the changes and installs the policy on the target engine. |
Undo operation | Undoes the last change made. |
Redo operation | Redoes the last change that was undone. |
Tools | |
Validate | Validates the rules in the policy. Opens the Validate Policy dialog box in which you can select which issues are checked in the rules. |
Compare to Policy Snapshot | Compares the policy with a previously created snapshot of the policy. |
Expand Rule Sections | If you have added Rule Sections, they are all expanded. |
Collapse Rule Sections | If you have added Rule Sections, and they are expanded, they are all collapsed. |
Target selector | Selects the target Domain for the Validate action. |
Option | Definition |
---|---|
Rules table | |
ID | (Not editable) Automatically assigned ID number that indicates the order of the rules in the policy. The rules are matched against traffic in the order of the ID numbers. For example, the rule 14.3 is the third rule added in this policy to the insert point that is the fourteenth rule in the upper-level template. Right-clicking this type of cell opens these menu items: |
Sender | Drag and drop elements from the Resources pane to specify the Alert Sender or keep the option Set to ANY. |
Alert and Situation (Optional) | Specifies the Alert and Situation that the rule matches. |
Time | Allows you to specify when the rule starts being enforced, when the rule automatically expires, and when the rule is active. By default, rules start being enforced when you install the policy, never expire automatically, and are always active. Drag and drop a Rule Validity Time element to the cell. |
Severity | Double-click and specify the Severity value or the range of Severity values that this rule matches. The Select Severity dialog box opens. To define a single Severity value, select Severity and one of the options. If you want the rule to match a range of Severities, select Severity Range and define the range in the From and To lists. |
Chain (Optional) | Specifies which Alert Chain is processed when an alert event matches this rule. |
Rule Name | Contains a rule tag and optionally a rule name. Right-clicking this type of cell opens these menu items: |
Comment | An optional comment for your own reference. |
Option | Definition |
---|---|
General tab | |
Name | Specifies the element name. |
Rule Tag | Rule tag of the rule. |
Comment | An optional comment for your own reference. |
Rule Info tab | The rule cells and their values. Right-clicking the ID cell opens the following menu items: |
Option | Definition |
---|---|
History tab | |
Creator | Shows the administrator who created the rule. |
Created | Shows the time when the rule was created. |
Modifier | Shows the administrator who modified the rule. |
Modified | Shows the time when the rule was modified. |
Audit History | Opens the Logs view and displays the audit log data for traffic that matches the rule. |
Rule Validity Time Properties dialog box
Use this dialog box to create and modify Rule Validity Time elements.
Option | Definition |
---|---|
Name | The name of the element. |
Time Zone | |
Enable Starting From (Optional) | The date when the rule starts being enforced. By default, the rule is enforced starting from the next policy installation. |
Automatically Disable (Optional) | The date when the rule automatically expires. When a rule automatically expires, traffic can no longer match the rule. By default, the rule never expires. |
Active | Specifies when the rule is active: |
Start | (When On These Dates of the Year is selected) The date on which the rule becomes active. |
End | (When On These Dates of the Year is selected) The date on which the rule stops being active. |
Start Time | (Either Start Time or End Time is required when Between These Times of the Day is selected. Optional for all other selections.) The time of day when the rule becomes active. |
End Time | (Either Start Time or End Time is required when Between These Times of the Day is selected. Optional for all other selections.) The time of day when the rule stops being active. |
Comment (Optional) | A comment for your own reference. |
Select Severity dialog box
Use this dialog box to define the severity of an Alert rule in an Alert Policy element.
Option | Definition |
---|---|
Severity | Severity value or the range of Severity values that this rule matches. |
Information | Alerts that are meant for information only. Corresponds to numeric alert value 1. |
Low | The alerts that have a low severity. Corresponds to numeric alert values 2–4. |
High | The alerts that have a high severity. Corresponds to numeric alert values 5–7. |
Critical | Alerts that have the highest severity. Corresponds to numeric alert values 8–10. |
From | The start value of a Severity Range. |
To | The end value of a Severity Range. |
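
A small model of the matching described on this page, as an added example that is not part of the product or its documentation: rules are evaluated in ID order, and for a given day it lists the numeric severities (1 to 10) that no in-force rule sends to an Alert Chain. Rule IDs, chain names and dates are constructed; Sender and Situation are assumed to be ANY, the Active time-of-day settings are not modelled, and the handling of the expiry date and of an empty Chain cell are assumptions marked in the comments.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Severity names -> numeric alert values, from the Select Severity table.
SEVERITY = {"Information": (1, 1), "Low": (2, 4), "High": (5, 7), "Critical": (8, 10)}

@dataclass
class Rule:
    rule_id: str                         # constructed; list order stands in for ID order
    sev_from: int                        # Severity Range "From"
    sev_to: int                          # Severity Range "To"
    chain: Optional[str] = None          # Chain cell is optional
    enable_from: Optional[date] = None   # Enable Starting From
    disable_on: Optional[date] = None    # Automatically Disable

    def matches(self, severity: int, day: date) -> bool:
        if self.enable_from and day < self.enable_from:
            return False
        # Assumption: the rule stops matching on the expiry date itself.
        if self.disable_on and day >= self.disable_on:
            return False
        return self.sev_from <= severity <= self.sev_to

def first_match(rules, severity, day):
    """First rule, in ID order, that matches this severity on this day."""
    return next((r for r in rules if r.matches(severity, day)), None)

def unrouted(rules, day):
    """Numeric severities 1-10 that reach no Alert Chain on the given day."""
    gaps = []
    for sev in range(1, 11):
        rule = first_match(rules, sev, day)
        # Assumption: a matching rule with an empty Chain cell notifies nobody.
        if rule is None or rule.chain is None:
            gaps.append(sev)
    return gaps

def named(rule_id, name, chain, **validity):
    """Build a rule from a single Severity option instead of a range."""
    lo, hi = SEVERITY[name]
    return Rule(rule_id, lo, hi, chain, **validity)

# Constructed policy: the Critical rule expires, the range rule never does.
POLICY = [
    named("1", "Critical", "pager-chain", disable_on=date(2025, 7, 1)),
    Rule("2", 2, 7, "email-chain"),
]

if __name__ == "__main__":
    for day in (date(2025, 6, 30), date(2025, 7, 1)):
        print(day, "unrouted severities:", unrouted(POLICY, day))
```

With the constructed policy, severities 8 to 10 become unrouted on the day the Critical rule expires, which is the gap to check for whenever a rule carries an Automatically Disable date.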