Documentation forSecurity Event Manager

Create a rule from a filter

From the Filters pane, you can create a new rule based on any existing filter with a single click. This allows you to set alerts for specific event activity without manually duplicating filter values in the custom rule builder.

  1. On the SEM Console, click Live Events.
  2. In the Filters pane, scroll down to locate your filter, move the pointer over the filter to expose the vertical ellipsis, click it, and then select Send Filter to Rule.

    The rule builder appears displaying the existing values for the filter.

  3. To complete the rule configuration, see Create a new rule.

If rule definition changes are made to a rule that was created from a filter, those changes are not reflected in the existing filter. Likewise, if the filter changes, the associated rule is not updated with the filter changes.