Viewing Rules
- Updated on 15 Oct 2023
Use the Rules Manager page in the Findings Center to view all rules defined in the Axonius Findings Center.
To view the Findings rules
- In the left navigation panel, click the Findings icon.
- Click the Rules Manager tab. The Rules Manager page opens.
Rules Manager Table
The Rules Manager table lists all Findings Rules defined in Axonius, sorted by the date that the rule triggered an alert, from the most recent to the earliest.
The Rules Manager table provides the following information:
Field | Description |
---|---|
Severity | Severity of the rule. Available options are: Informational, Low, Medium, High, Critical |
Rule Name | The name of the Findings rule. |
Last Notified | The latest date and time (UTC) that the rule ran the trigger condition and notified of the alert. |
Check and Notify | The frequency that the rule is scheduled to run. |
Entity Type | The asset that is checked. For example, Devices, Application Settings, Tickets, Users. |
Trigger Condition | The condition that sets off the alert. |
Mute Conditions | The criteria for muting the alert. |
Findings Count | The number of times the rule found that the condition exists and created an alert, up to and including the most recent notification. Alerts created while notifications are muted are added to the count only the next time an alert is created with a notification. |
Activity Status | Status of the rule. |
Changing the Order in Which Columns Are Displayed
You can change the order of columns displayed in the table.
Drag and drop columns on the table to arrange them in the order that you want. The changes are only for the current session.
Searching and Filtering Rules
You can filter the rules that are displayed.
The following filters are available:
Search Findings - Search for any text in a rule.
Severity - Display rules of specific severities. From the dropdown, select one or more of the following: Informational, Low, Medium, High, Critical
Check and Notify - Display rules of a specific run schedule. From the dropdown, select one or more of the following: Every global discovery cycle, Every x hours, Every x days, Days of week, Days of month
Entity Type - Display rules on one or more entities (i.e., asset types).
- From the Entity Type dropdown, select one or more entities (i.e., asset types) to return the Rules that apply to these asset types. For example: Users, Application Settings, Devices, Tickets. The assets in the dropdown are listed according to asset category (as on the Assets page). You can also type in the dropdown to search for the asset type you need.
Trigger Condition - Display rules with triggers of one or more condition types: Simple query threshold, Query comparison, Query change over time
Mute Conditions - Display rules with one or more of the following mute types: Off (no muting), Mute time after first alert, Mute on specific dates, Mute daily in this time range
- The filters only show those options that appear in the Rules Manager table.
- If you want to filter by many options, you can click Select All to select all options, and then click those options that you want to deselect.
Total Results
The total number of Rules found for the search criteria is displayed on the top left side of the Rules table just under the Filter bar. If no filter criteria are selected, Total represents the total number of Rules that are defined in the system.
Resetting Filters and Searches
You can clear a specific filter or reset all filters.
- Click Clear All to clear all selections in a specific filter.
- Click Reset from the top right of the Rules Manager page to clear all filters, and display all the rules.
Sorting
You can sort the Rules Manager table by any column.
To sort the table
- Hover over a column header. A small arrow appears. The up arrow indicates that the column is sorted from low to high. The down arrow indicates sorting from high to low. Alphabetical sorting is case-insensitive.
- Click the small arrow to set the sort order.
Rule Retention
The Rules Manager pages always display the last 100,000 rules.