Documentation for Security Event Manager

Add preconfigured SEM rules

This section describes how to add and customize preconfigured SEM rules based on specific categories.

Add rules based on categories of interest

  1. Open the SEM console. See Log in to the SEM web console for steps.

  2. On the SEM menu bar, click Ops Center.

  3. In the Getting Started widget, click Define Rules and Configure Alerts.

    By default, the Getting Started widget is in the top left part of the page.

  4. Select the check box next to the rule categories that you want to enable, and then click Next.

  5. Based on the categories you selected, select specific rule types to enable, and then click Next.

    On the Rule Settings tab, enter the SEM external email server settings, select email recipients from the list, and then add additional email recipients not on the list, if needed.

  6. Review your summary, and then click Finish.

  7. On the SEM menu bar, navigate to Build > Rules.

  8. In the Rules grid, locate a new rule, click , and then select Edit to define the condition, correlation time, and action for each new rule.

    Ensure the rule is enabled. A displays next to the enabled rule.

  9. Complete step 8 for each additional rule.

  10. Test the rules to verify they work as expected. See Testing rules in SEM for details.

Clone, customize, and enable a specific preconfigured rule

  1. Open the SEM console. See Log in to the SEM web console for steps.

  2. On the SEM menu bar, navigate to Build > Rules.

  3. Use Refine Results in the sidebar to browse, search, or filter for specific rules or scenarios, or browse for a rule in the Rule Categories and Tags section.

  4. Select a rule to clone, click the corresponding , and then choose Clone.

  5. In the Clone Rule dialog box, select a Custom Rules folder, rename the rule, and then click OK.

  6. On the Rule Creation screen, customize the rule (if desired), and then select Enable.

  7. Click Save.

  8. To sync your local changes with the SEM appliance, click Activate Rules in the Rules grid. See About selecting rules to test, enable, or disable for details.

  9. Test the rules to verify they work as expected. See Testing rules in SEM for details.