Create rules that respond to security events
SEM rules monitor event traffic and automatically respond to security events in real time, whether you are monitoring the console or not.
When an event (or a series of events) meets a rule condition (or set of conditions), the rule prompts the SEM Manager to act. A response action can be discreet (for example, sending a notification to select users by email), or active (for example, blocking an IP address or stopping a process). Learn more about SEM rules here.
See About SEM response actions for information about response actions.
See the following topics for more information.