On the Rules overview screen you can add, edit, or remove a rule.
The Rules overview screen
Creating a new rule requires completing a form that is divided into four sections: basic settings, context, filtering conditions, and triggering conditions.
The New Rule page
In the basic settings section the user can specify:
In the context section the user must specify the following:
At the end of each time interval, the rule's internal condition counters are reset, so each interval is evaluated on its own rather than cumulatively with the previous ones.
In the filtering conditions section, the user selects which captured events/logs the rule considers. Each filtering condition is an expression on one event field, built from the field name, an operator, and the value the field must satisfy; only events that pass every filtering condition are counted towards the triggering conditions.
Triggering conditions describe when an alert is raised.
In the triggering conditions section, the user specifies expressions over the set of values collected from the filtered events/logs within the time context: the event field, the statistical function applied to its values, the operator, and the value that the result is compared against to trigger the condition.
Triggering conditions functions:
When a triggering condition is met within the time context, the rule produces an alert.
A rule may be created with no conditions at all, or with as many as needed. The exception is rules on Traffic type events, which should have at least one condition; without one, every traffic event would raise a meaningless alert.
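The following is an added example, not code from the original page or from the product it describes: a small rule engine that models the four form sections above (event type, time context, filtering conditions, triggering conditions), resets its counters at every interval boundary, and shows why a traffic rule with no condition alerts on every event. The operator set, the statistical function names, the field names and the sample events are all assumptions made for the example.

```python
import operator
from dataclasses import dataclass, field as dc_field
from typing import Any, Callable, Dict, List, Optional

# Operators usable in filtering and triggering conditions (assumed set, not the product's).
OPERATORS: Dict[str, Callable[[Any, Any], bool]] = {
    "==": operator.eq, "!=": operator.ne,
    ">": operator.gt, ">=": operator.ge, "<": operator.lt, "<=": operator.le,
}

# Statistical functions for triggering conditions (assumed set, not the product's).
STAT_FUNCS: Dict[str, Callable[[List[Any]], Any]] = {
    "count": len,
    "distinct": lambda xs: len(set(xs)),
    "sum": sum,
    "avg": lambda xs: sum(xs) / len(xs),
    "max": max,
    "min": min,
}


@dataclass
class FilterCondition:
    """Filtering condition: keep the event only if <field> <op> <value> holds."""
    field: str
    op: str
    value: Any

    def matches(self, event: Dict[str, Any]) -> bool:
        return self.field in event and OPERATORS[self.op](event[self.field], self.value)


@dataclass
class TriggerCondition:
    """Triggering condition: <func>(values of <field> in the interval) <op> <value>."""
    field: str
    func: str
    op: str
    value: Any

    def is_met(self, values: List[Any]) -> bool:
        if not values and self.func not in ("count", "distinct"):
            return False  # sum/avg/max/min of an empty interval cannot trigger
        return OPERATORS[self.op](STAT_FUNCS[self.func](values), self.value)


@dataclass
class Rule:
    name: str
    event_type: str
    interval: int  # time context, in seconds
    filters: List[FilterCondition] = dc_field(default_factory=list)
    triggers: List[TriggerCondition] = dc_field(default_factory=list)


def run_rule(rule: Rule, events: List[Dict[str, Any]]) -> List[Dict[str, Any]]:
    """Replay events (sorted by 'ts') through one rule and return its alerts.

    Events are bucketed into fixed windows of rule.interval seconds starting at the
    first matching event; the per-field value buffers are cleared at every window
    boundary, so each interval is evaluated on its own. A rule with no triggering
    condition alerts on every event that passes its filters.
    """
    alerts: List[Dict[str, Any]] = []
    buffers: Dict[str, List[Any]] = {t.field: [] for t in rule.triggers}
    window_start: Optional[int] = None

    def close_window(start: int) -> None:
        if all(t.is_met(buffers[t.field]) for t in rule.triggers):
            alerts.append({"rule": rule.name, "window": (start, start + rule.interval)})
        for buf in buffers.values():
            buf.clear()  # counters reset for the next interval

    for ev in events:
        if ev.get("type") != rule.event_type or not all(f.matches(ev) for f in rule.filters):
            continue
        if not rule.triggers:  # no condition at all: one alert per matching event
            alerts.append({"rule": rule.name, "event": ev})
            continue
        if window_start is None:
            window_start = ev["ts"]
        while ev["ts"] >= window_start + rule.interval:
            close_window(window_start)
            window_start += rule.interval
        for t in rule.triggers:
            if t.field in ev:
                buffers[t.field].append(ev[t.field])
    if window_start is not None:
        close_window(window_start)
    return alerts


# Constructed sample events (not real logs): six failed logins inside the first
# 60 s, two more in the next minute, and two traffic records.
EVENTS = [
    {"ts": 0, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 5, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 10, "type": "auth", "src_ip": "10.0.0.9", "user": "bob", "result": "success"},
    {"ts": 15, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 20, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 25, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 30, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 70, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 80, "type": "auth", "src_ip": "10.0.0.5", "user": "alice", "result": "failure"},
    {"ts": 200, "type": "traffic", "src_ip": "10.0.0.5", "bytes": 1500},
    {"ts": 201, "type": "traffic", "src_ip": "10.0.0.7", "bytes": 900},
]

BRUTE_FORCE = Rule(
    name="brute-force", event_type="auth", interval=60,
    filters=[FilterCondition("result", "==", "failure")],
    triggers=[TriggerCondition("user", "count", ">=", 5)],
)
BARE_TRAFFIC = Rule(name="all-traffic", event_type="traffic", interval=60)  # no conditions
BULK_TRAFFIC = Rule(
    name="bulk-traffic", event_type="traffic", interval=60,
    triggers=[TriggerCondition("bytes", "sum", ">", 2000)],
)

if __name__ == "__main__":
    for rule in (BRUTE_FORCE, BARE_TRAFFIC, BULK_TRAFFIC):
        print(rule.name, run_rule(rule, EVENTS))
```

Running it shows the two behaviours the text calls out: the brute-force rule raises exactly one alert for the interval (0, 60) and none for (60, 120), because the counter was reset at the boundary and the two later failures do not reach the threshold on their own; the traffic rule with no conditions raises one alert per traffic event, while the same rule with a single sum-of-bytes triggering condition raises one alert for the interval.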