Orchestration Rules Management
Every networked environment generates thousands of logs from assorted systems. USM Anywhere and USM Central enable you to manage those logs and, through the use of rules, to prevent and frustrate attacks. Managing the different rules helps you make the most of your environment.
Keep in mind that setting up a rule base is an iterative process. That means it happens relatively slowly and needs to be tuned over a period of time. There are always new attacks and new indicators to monitor.
USM Central enables you to create and customize these rules to add specific policies for a particular or . There are these orchestration rules:
- Suppression rules: Use these rules to suppress events or alarms that create noise in your system. See Suppression Rules from the Orchestration Rules Page for more information.
- Filtering rules: Use these rules to drop future events that match the rule. See Filtering Rules from the Orchestration Rules Page for more information.
- Alarm rules: Use these rules to identify existing and emerging threats. See Alarm Rules from the Orchestration Rules Page for more information.
- Notification rules: Use these rules to create your own rules and receive . See Notification Rules from the Orchestration Rules Page for more information.
- Response action rules: Use these rules to respond to an event or an alarm by running a BlueApp. See Response Action Rules from the Orchestration Rules Page for more information.