Define the conditions, significant finding or event that should trigger the rules and send you alerts.
Navigate to Responses > Rule Manager > New Rule.
Provide required details in the respective sections to create a new rule:
- In the Rule Information section, provide a name and description of the new rule.
- In the Rule Query section, specify a query for the rule. The system uses this query to search for events. Use the Test Query button to test your query.
Click Sample Queries to select from predefined queries.
- In the Action Settings section, choose the actions that you want the system to perform when an alert is triggered.
You can also customize the message text by inserting tokens to the alert message.
Note: Currently, the validTo and ValidFrom tokens in the alert message display the date as a number (UNIX Epoch time). In order to view the date in a legible format in your alert email, you can manually change the tokens validTo to validToDate and validFrom to validFrom Date when you compose your alert message.
View all the rules created in the Rule Manager tab with details such as trigger criteria selected for the rule, action chosen for the rule, state of the rule, whether the rule is enabled or disabled, etc. Use the Actions menu or Quick Actions menu to perform quick actions on rules, such as, view, edit, delete rule, enable, disable, delete and save an existing rule along with its configurations to create a new rule. Use the search bar to search for rules using the search tokens.
