Rules

Updated 3 weeks ago by admin

The ASE product has a number of pre-defined rules that aim to automate common tasks that a security analyst would often perform manually. The rules govern how threat objects will be shared between the core products that are licensed in your account.

The rules are centrally managed by the ASE product and require no configuration other than to enable them if required. Enabled rules can take preventative measures to stop threats from spreading by sharing the threat object detail, at machine speed, with other products that are able to use it.

Managing Rules

To manage rules, navigate to Products, ASE and then Rules.

Only rules that are available to your account will be enabled. Some rules are in active development and will be released shortly. New rules will become enabled as soon as they are available to use.

Rules can be set to one of the following modes of operation:

  • Disabled - the rule is not active. Matching threat objects will be ignored; however, they will still be logged in the Threats and Analytics sections.
  • Notify Only - the rule is active but will not take any action. Any configured recipients will be notified.
  • Enabled - the rule is active and will share threat objects with related products as per the rule description. Additionally, any configured recipients will be notified.

Configuring Notifications

To add a recipient to receive notifications for a rule:

  1. Click the cog (settings) icon next to the rule name to open the notifications panel
  2. Click the Add button
  3. Select the type of notification, which can be SMS or Email, and then enter the corresponding recipient phone number (including international code) or email address
  4. Click Update

The next time the rule is triggered the recipient(s) will receive a notification containing a link to the event report.

To edit a recipient that receives notifications for a rule, double-click the entry in the notifications list.

Receiving Notifications

Notifications are sent in real time as soon as the rule is triggered. The notification will summarise the event and contain a link to open a more detailed Event Report. An example SMS notification is below:

