Documentation for Security Event Manager

Create and enable a change management rule

Change management rules notify you when a user makes network configuration changes. For example:

  • Adding, changing, or deleting users in Active Directory
  • Installing software on monitored computers
  • Making changes to the firewall policy

You can create a general change management rule to instruct SEM to notify you when a user changes your network configuration, or you can create a more specific rule that applies to specific users, groups, or types of changes. Generally, if you can see an event in your console, you can create a rule for the event. Use your filters as a starting point for creating custom rules.

  1. Log in to the SEM Console.
  2. On the toolbar, click Rules.
  3. On the Rules toolbar, click Create new rule.

  4. Under Rule Values, expand the Events group, and then select NewGroupMember.
  5. Under NewGroupMember fields, locate EventInfo, and then drag it into the rule builder.

  6. To account for all variations on the word administrator, click the "or add it" hyperlink and enter *admin*.
  7. Keep the default occurrence and trigger actions settings.
  8. Click Next.
  9. Enter an appropriate rule name. For example, New Admin User.
  10. Under Options, click the toggle button to enable the rule after saving.
  11. Click Add new action, select Send Email Action, and then click Next.
  12. From the Email Template drop-down list, select a template.

  13. From the Recipients drop-down list, select one or more recipients, and then click Add.
  14. Review your details and actions, and then click Create.