LEM rules: Automate how LEM responds to events

Rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not. When an event (or a series of events) meets a rule condition, the rule prompts the LEM Manager to act. A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process). Learn more about LEM rules here.

See About LEM response actions for information about response actions.