You use the Rule Wizard to add a custom action script that runs in response to a custom
rule event.
About this task
To create a new rule, you must have the permission.
You can test rules locally or globally. A local test means that rule is tested on the local Event
processor and not shared with the system. A global test means that the rule is shared and tested by
any Event processor on the system. Global rules send events to the central Event processor, which
might decrease performance on the central Event processor.
Procedure
-
Click the Offenses tab.
-
On the navigation menu, click Rules.
-
From the Actions list, select New Event
Rule.
-
In the Rule Test Stack Editor page, type a unique name for this rule in
the enter rule name here field in the Rule pane.
-
From the list box, select Local or Global.
-
Add one or more tests to a rule:
-
To filter the options in the Test Group list box, type the text that you
want to filter for in the Type to filter field.
-
From the Test Group list box, select the type of test you want to add to
this rule.
-
For each test you want to add to the rule, select the plus (+) sign beside the test.
-
To exclude a test, click and at the beginning of the test in the Rule
pane.
The and is displayed as and
not.
-
Click the underlined configurable parameters to customize the variables of the test.
-
From the dialog box, select values for the variable, and then click
Submit.
-
To export the configured rule as a building block to use with other rules:
-
Click Export as Building Block.
-
Type a unique name for this building block.
-
Click Save.
-
On the Groups pane, select the check boxes of the groups to which you
want to assign this rule.
-
In the Notes field, type a note that you want to include for this rule.
Click Next.
-
On the Rule Responses page, click the Execute Custom
Action check box and select your script from the Custom Action to
execute drop-down list.
-
Click Next.
-
Review the Rule Summary, and then click
Finish.