Documentation forSecurity Event Manager

Configure Time of Day Sets in SEM

Use Time of Day Sets in filters and rules to target specific time frames, such as business hours, off hours, or specific shifts. For example, if you define two different sets for Business Hours and Outside Business Hours, you can assign different rules to each of these sets. During working hours, you may want your rules to alert a system administrator through email, whereas outside of business hours the rule can send an alert and shut down the offending PC.

SEM includes the following Time of Day Sets by default:

Name Description
Business Hours 6:30 AM to 12:00 PM and 1:00 PM to 4:30 PM, Monday through Friday
Early Shift 3:30 AM to 1:30 PM, 7 days a week
Graveyard Shift 9:00 PM to 4:30 AM, 7 days a week
Late Shift 3:00 PM to 12:00 AM, 7 days a week
Normal Shift 7:30 AM to 5:30 PM, 7 days a week
Reboot Cycle 2:00 AM to 3:00 AM, Sunday only

Create or edit a Time of Day Set

See Add a new group or Edit a group to get started adding or editing a Time of Day Set.

You can only add a new Time of Day Set to one SEM Manager at a time. To copy a Time of Day Set for use with another SEM Manager, export it and then import it into the other Manager's Groups grid. See Export a group for steps.

The following table describes the Time of Day Set form fields.

Field Description
Name Enter a name for this Time of Day Set.
Description Briefly describe the purpose of the set.
SEM Manager

Click the Manager drop-down list and select the Manager that will host the Time of Day Set. If you are editing an existing Time of Day Set, this field displays the hosting Manager.

Time grid boxes

The time grid is based on a one-week period and includes:

  • Seven rows, where each row represents one day of the week.

  • 24 numbered columns, where each column represents one hour of the day. The white column headers represent morning hours (midnight to noon). The shaded column headers represent evening hours (noon to midnight).

  • Columns with two check boxes that divide each hour into two 30-minute periods. (Each box represents a half-hour.)

Select the boxes for the half-hour increments that you want to include in the Time of Day Set.

Click and drag to select or clear a range of boxes with one click.

Save Click Save in the lower-right corner to make your group changes permanent.

Use a Time of Day Set in a filter or rule

  1. Locate and click the alert or alert group you want to use in your filter or rule.

  2. In the Fields list, locate and drag DetectionTime to the Conditions box.

  3. In the Components pane, click Time of Day Sets.

  4. Locate the time of day set you want to use and drag it into the conditions area to replace the Text Constant field, (denoted by a pencil icon).

  5. To view all events outside your selected period, click the operator between the field and your Time of Day Set in the conditions area.

    The operator changes to Does Not Contain.

  6. If you are finished creating or editing your filter or rule, click Save.

    If you modified a rule, click Activate Rules in the Rules view.