> ## Documentation Index > Fetch the complete documentation index at: https://docs.levelblue.com/llms.txt > Use this file to discover all available pages before exploring further. # Orchestration Rules | | | | | | | --------------------- | --------- | ------------ | ----------- | ----------- | | **Role Availability** | Read-Only | Investigator | **Analyst** | **Manager** | USM Anywhere enables you to create and manage your own orchestration rules. Keep in mind that these rules verify whether they match with every new event coming into the system. **Warning:** Orchestration rules only apply to future events and alarms. Suppression rules using the `Contains`, `Match` and `Match`, `case insensitive` operators apply to future events and alarms, not to events and alarms received in the current day. USM Anywhere includes these orchestration rules: * Suppression rules: See [Suppression Rules from the Orchestration Rules Page](/documentation/usm-anywhere/user-guide/rules-management/suppression-rules) * Filtering rules: See [Filtering Rules from the Orchestration Rules Page](/documentation/usm-anywhere/user-guide/rules-management/filtering-rules) * Alarm rules: See [Alarm Rules from the Orchestration Rules Page](/documentation/usm-anywhere/user-guide/rules-management/alarm-rules) * Notification rules: See [Notification Rules from the Orchestration Rules Page](/documentation/usm-anywhere/user-guide/rules-management/notification-rules) * Response action rules: See [Response Action Rules from the Orchestration Rules Page](/documentation/usm-anywhere/user-guide/rules-management/response-action-rule) **Note:** USM Anywhere follows a specific order for applying orchestration rules. See [Orchestration Rules Workflow](/documentation/usm-anywhere/user-guide/rules-management/orchestration-rules-workflow) for more information. The order of the conditions is significant because USM Anywhere follows a specific order when it evaluates the rule conditions, reading them from left to right. If your rule includes the *packet\_type* and *plugin\_device* fields, these should always occur first in the order. You can also create orchestration rules from the details of an event or alarm. The functionality works the same way and the dialog box is similar when you are creating a rule either from a detail page of an event or alarm or from the settings page. **Important:** The easiest way to configure an orchestration rule is from the Alarm and the Events details pages. See Creating Notification Rules from the Alarms Page, Creating Alarm Rules from the Events Page, and Creating Notification Rules from the Events Page for more information. ## BlueApp™ Orchestration Rules Some of the AlienApp available in USM Anywhere enable you to automate and orchestrate response actions in third-party security tools, which simplifies and accelerates your threat detection and incident response processes. With a configured integration, these BlueApps include support for app actions in orchestration rules: * [The AlienApp for Carbon Black Endpoint Detection and Response (EDR)](/documentation/usm-anywhere/alienapps-guide/carbon-black/alienapp-carbon-black) * [BlueApp for Cisco Umbrella](/documentation/usm-anywhere/alienapps-guide/cisco-umbrella/alienapp-cisco-umbrella) * [BlueApp for Palo Alto Networks PAN-OS](/documentation/usm-anywhere/alienapps-guide/palo-alto/alienapp-palo-alto-networks) * [BlueApp for Jira](/documentation/usm-anywhere/alienapps-guide/jira/alienapp-jira) * [BlueApp for ServiceNow](/documentation/usm-anywhere/alienapps-guide/servicenow/alienapp-servicenow)