To create a rule, go to Responses > Rule Manager > New Rule.
Provide the required details in the respective sections to create a new rule:
- In the Rule Information section, provide a name and description for the new rule in the Rule Name and Description fields.
- In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query button to test your query. Click the Sample Queries link to select from predefined queries.
- In the Action Settings section, choose the actions that you want the system to perform when an alert is triggered.
- Click Save.
The Rule Manager tab lists all the rules that you have created. For each rule it shows the rule name, whether alert message aggregating is enabled or disabled, the action chosen for the rule, the date and time when the rule was last triggered, the state of the rule (enabled or disabled), and the date and time when the rule was created. You can use the Actions menu or the Quick Actions menu to edit, enable, disable, or delete rules, and to save an existing rule along with its configuration as a new rule with a new name. Use the search bar to search for rules using the search tokens.