Managing Findings Rules
  • 07 Aug 2023

Editing a Findings Rule

You can edit the configuration of a findings rule.

Note:

When you modify a rule, the Alert History changes its pointers to the alerts accordingly, but the data becomes inaccessible.
For example, suppose you create a device-query rule that runs for some time and creates alerts. If you then modify that same rule to be user-query based, the old links that are used to pivot to assets from the Alert drawer no longer work.

To edit the rule configuration

  1. In the Rules Manager table, click a rule.
    Its Rule drawer opens.
  2. In the Rule Configuration tab of the Rule drawer, update parameters or settings as required (refer to creating a new rule). The Save Changes button becomes enabled.
  3. Modify the external notification, if required.
  4. Click Save Changes.

Modifying the External Notification

You can choose an alternate enforcement action for a different external notification or modify the configuration of the existing one.

To modify the external notification

  1. Click the Edit icon.
  2. Modify the configuration of the external notification by doing one of the following:
    • In Select Action, choose another enforcement action and fill in the required fields.
    • Modify the configuration of the current enforcement action.
  3. Click Apply.

Activating/Deactivating a Findings Rule

A rule runs only while it is activated.

To activate a rule

  1. In the Rules table, click a rule, and in the Rule drawer that opens, toggle on Activate (default).
  2. Click Save Changes.

To deactivate a rule

  1. In the Rules table, click a rule, and in the Rule drawer that opens, toggle off Activate.
  2. Click Save Changes.

Deleting Findings Rules

You can delete one or more findings rules.

To delete one or more rules

  1. In the Rules Manager table, select the checkboxes of one or more rules, and then from the Actions menu, click Delete.
  2. In the confirmation message, click Delete. The selected rules are removed.
