As its name implies, a ruleset is a set of rules that tells us which events you want to be alerted on. Go to Configuration > Rulesets to define your rulesets. You can monitor changes to hosts, vulnerabilities, tickets, ports and certificates.
It's easy. Choose a rule type on the left and drag it to the right, then set the rule criteria. Be as specific as you want when setting rule criteria. For example, you may want to be notified for all new vulnerabilities or only new vulnerabilities on Windows hosts with a patch available.
AND is used within a rule. For example, get an alert for a vulnerability that matches: status New or Reopened AND severity 5 AND has a patch.
OR is used between multiple rules. For example, get an alert for a newly opened port OR expired certificate OR new host.
Check out these examples to get some ideas:
Sample 1 - PCI vulnerabilities
In this example, alerts will be generated when we detect new or reopened vulnerabilities that need to be fixed to maintain PCI compliance.
Tip - Click the Add Criteria link to further customize this rule. For example, add host criteria to tell us the type of hosts this rule applies to.
Sample 2 - Expired certificates
In this example, alerts will be generated when we detect an expired certificate on a host with port 443 open. We evaluate certificate rules daily to find expired and expiring certificates. This is the only rule type not based on scans. (Tip - You could also create a Port rule and add certificate criteria to it. In that case, you will get alerts based on scans.)
Sample 3 - Open ports on Linux hosts
In this example, alerts will be generated when any port except 80 or 443 is opened on a Linux host.
Sample 4 - FTP running on non-standard port
In this example, alerts will be generated when we detect that FTP is running but not on port 21.
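The AND-within-a-rule and OR-between-rules logic described above, applied to Samples 3 and 4 and the severity 5 example. This is an added illustration in Python, not the product's own code; the event field names (`type`, `os`, `port`, `service`, `status`, `severity`, `patch`) and the sample events are assumptions constructed for the example.

```python
# Added illustration: a minimal model of ruleset matching, not the product's code.
# Criteria inside one rule are ANDed; the rules of a ruleset are ORed.

def rule_matches(rule, event):
    """A rule matches only if every one of its criteria accepts the event (AND)."""
    return all(criterion(event) for criterion in rule["criteria"])

def matching_rules(ruleset, event):
    """Names of the rules that match; one match is enough to alert (OR)."""
    return [r["name"] for r in ruleset if rule_matches(r, event)]

# Hypothetical event fields: type, os, port, service, status, severity, patch
RULESET = [
    {"name": "Severity 5 vulnerability with patch",   # the AND example
     "criteria": [
         lambda e: e.get("type") == "vulnerability",
         lambda e: e.get("status") in {"New", "Reopened"},
         lambda e: e.get("severity") == 5,
         lambda e: e.get("patch") is True,
     ]},
    {"name": "Open ports on Linux hosts",             # Sample 3
     "criteria": [
         lambda e: e.get("type") == "port",
         lambda e: e.get("os") == "Linux",
         lambda e: e.get("port") not in {80, 443},
     ]},
    {"name": "FTP on non-standard port",              # Sample 4
     "criteria": [
         lambda e: e.get("type") == "port",
         lambda e: e.get("service") == "ftp",
         lambda e: e.get("port") != 21,
     ]},
]

# Constructed sample events
EVENTS = [
    {"type": "port", "os": "Linux", "port": 2121, "service": "ftp"},
    {"type": "port", "os": "Linux", "port": 443, "service": "https"},
    {"type": "port", "os": "Windows", "port": 21, "service": "ftp"},
    {"type": "vulnerability", "status": "New", "severity": 5, "patch": False},
    {"type": "vulnerability", "status": "Reopened", "severity": 5, "patch": True},
]

if __name__ == "__main__":
    for event in EVENTS:
        hits = matching_rules(RULESET, event)
        print("ALERT" if hits else "no alert", hits, event)
```

The first event matches two rules at once, and the fourth matches none because a single failed criterion (no patch) defeats the whole rule.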