Manage Correlation Rules
You can manage all your correlation rules from the Manage Rules page, which you can access by clicking the Manage Rules button on the top right of the Correlation tab. The Manage Rules page provides you with a tabular list of all correlation rules:
You can use the search bar () on the top of the table to search for a specific rule. You can use the dropdown on the top right of the table to select the number of rules to be displayed per page.
You can perform a several managerial actions on the rules, by clicking on the respective icons, as described below:
- Enable/disable rule (/): The icon implies that a rule is currently enabled, and the icon implies that it is disabled. You can toggle between enabling/disabling the rule by clicking on these icons. When a rule is disabled, EventLog Analyzer does not check for the pattern and does not report on the rule.
- Update rule (): You can modify the rule definition and configurations by selecting this icon, which takes you to the correlation rule builder page. You can modify all details except for the rule name.
- Delete rule (): You can delete any of the custom rules created by clicking on this icon. Predefined rules cannot be deleted.
- Enable/disable notification (): You can enable or disable notifications/alerts for the correlation rules by using this option. You can view and manage correlation alerts under the Alerts tab of the product:
- View correlation alerts, assign owners and track their status under Correlation Alert Profiles.
- You can update notification settings for each correlation alert profile on the Manage Alert Profile page.
You can also enable or disable a group of rules by selecting the rules and clicking on the enable or disable icon on the top of the table. You can enable or disable all rules by using the More Options dropdown.