This article describes how to test a detection rule, modify the details of an existing rule, create a new version of a rule, delete a rule that is no longer required, and enable or disable rules in the Resolution Intelligence Cloud.
Testing rules
User permissions required
- Publisher
You can test the rules within the last 14-day period.
Note: You can only test rules that are in these statuses: draft, approved, under review, published, failed, ready to publish, and disabled.
To test a detection rule:
- Do one of the following to access Configurations:
  - Click the Configurations icon at the top navigation bar.
  - Click the hamburger menu on the left and select CONFIGURATIONS.
- Click Detection Policies, under Signals.
- From the policies listing page, select a rule that you would like to test.
- Click Test Rule above the Rule Editor.
  A pop-up appears.
- In the Duration field, select from date and to date.
- In the Tenant field, select a tenant from the drop-down.
- Click Test Rule.
Note 2: You can select a tenant if you have logged in as a domain or organization user.
Versioning a Rule
User Permissions required
- Publisher
Note 1: The New version button is enabled only if the latest version of a rule is in the published or disabled state.
To create a new version:
- Do one of the following to access Configurations:
  - Click the Configurations icon at the top navigation bar.
  - Click the hamburger menu on the left and select CONFIGURATIONS.
- Click Detection Policies, under Signals.
- From the policies listing page, select a published rule for which you would like to create a future version.
- Click Create New Version at the top right of the screen.
- On the New Versioning page, update the details that require necessary changes.
- Click Save.
Once the future version # of a rule is created and published, the rule with the previous version will be moved to the disabled state automatically. If you would prefer to enable the old rule again, then create a new version with the same parameters and publish it.
Note:
- The version number is not editable. The version is updated automatically once you click New Version for a rule.
- You cannot create a new version of a rule if the rule is published at a domain or by users at an organization or tenant level.
Duplicating a rule
Use this procedure to create the same rule with the same version number.
User Permissions required
- Publisher
Duplicating an existing rule helps you quickly create the same rule with the same version number. Ensure that the rule name is different from the original rule while cloning it.
Note: Duplicating a rule is applicable to the published rules only.
To create a duplicate rule:
- Do one of the following to access Configurations:
  - Click the Configurations icon at the top navigation bar.
  - Click the hamburger menu on the left and select CONFIGURATIONS.
- Click Detection Policies, under Signals.
- Select a rule from the Rules listing page that you would like to clone.
- In the Rule page, click the ellipses icon at the top right.
- Click Duplicate Rule from the drop-down menu.
  A duplicate rule will be created.
- Edit the details of your duplicated rule, if required.
- Click Save as draft to save the changes. (or)
- Click Send for Review.
The rule will be sent to the publisher for review, and the rule state is moved to Under Review.
Disabling a Rule
User Permissions required
- Publisher
Note: Disabling a rule is applicable to published rules only.
To disable a rule:
- Do one of the following to access Configurations:
  - Click the Configurations icon at the top navigation bar.
  - Click the hamburger menu on the left and select CONFIGURATIONS.
- Click Detection Policies, under Signals.
- Select a rule from the rules listing page that you would like to disable.
- In the Rule page, click the ellipses icon at the top right.
- Click Disable Rule from the drop-down menu.
The selected rule will be disabled in the backstory and CMS.
If you would like to enable a disabled rule, follow the steps below:
- In the Rule page, click the ellipses icon at the top right.
- Click Enable from the drop-down menu.
  Selected rules will be enabled in the backstory and in CMS.
Editing Detection Rules
User Permissions required
- Publisher
- Creator
Note: You can only edit rules that are in these statuses: request changes, under review, approved, failed, and ready-to-publish.
To edit a rule:
- Do one of the following to access Configurations:
  - Click the Configurations icon at the top navigation bar.
  - Click the hamburger menu on the left and select CONFIGURATIONS.
- Click Detection Policies, under Signals.
- Select a rule from the rules listing page that you would like to enable.
- Click Edit in the top right corner.
- Modify or change the details of a rule.
- Click Save as Draft to save the changes. (or)
- Click Send for Review.
The rule will be sent to the publisher for review, and the rule state is moved to Under Review.
Deleting Detection Rules
User Permissions required
- Publisher
- Creator
Note: Deleting a rule is applicable to the draft and failed states only. Once you delete the rule, its association will also be removed if it is associated with a pack.
To delete a rule:
- Do one of the following to access Configurations:
  - Click the Configurations icon at the top navigation bar.
  - Click the hamburger menu on the left and select CONFIGURATIONS.
- Click Detection Policies, under Signals.
- From the Detection Rules page, click the ellipses icon to the far right of the rule that you want to delete.
- Click Delete.
  The rule will be removed from the CMS.
Finding Detection Rules
The free text search allows you to filter the detection rules by text in the rule name only. There is no Search button.
Filtering Detection Rules
The detection rules can be filtered by status: Draft, Under review, Approved, Ready to publish, Published, and Disabled.
Sorting Detection Rules
The rules feed lists all detection rules on the listing page after creating or publishing them.
You can sort the detection rules based on the following list of options:
Item | Description |
---|---|
Rule Name | The name of the rule. |
Version | The version number is generated every time you make some changes to the existing rule and publish it. |
Status | The current status of the rule. (draft/under review/approved/ready to publish/published/disabled/failed) |
Date Created | The date and time at which the rule was created. |
Date Modified | The date and time at which the rule was modified. |
Modified by | The user who modified the rule. |
To rearrange rules in descending or ascending order, click