Creating a Rule and why a Rule is needed

Watch a Short Video

 

Creating a Rule is performed from the Rules page.

  1. Select Rules from the Dashboard navigator to open the Rules page.
  2. Click Create Rule.
  3. Enter a name for the new Rule. The name must be unique. The same name cannot be used more than once and cannot include the "/" character.
  4. Select the Severity level (Low, Medium, High, or Critical). The default is Medium. The severity level that you choose is shown in graphs, such as the Severity Level graph on the Dashboard.
  5. Click Add Condition.

Before Alerts can be triggered, you must create a Rule and assign that Rule to a Group.

  • Conditions set within a Rule are required to trigger Alerts.
  • Rules can have one Condition, a combination of Conditions, or all Conditions.
  • At least one Condition must be added to a Rule.

Adding Conditions

Several Condition types are available. Adding at least one Condition is required; although, you can add all Conditions or a combination of Conditions.

Outage_Detection_by_IP_noCallouts.png

Following are brief descriptions of what is monitored for triggering an alert. You can select a link located under "Condition" to view instructions for adding that Condition.

Condition  What is monitored for triggering alerts?
IP Restriction

Traffic flow between your devices and specific IP addresses is monitored.

This selection provides whitelisting or blacklisting of the IP addresses specified by you.
Port Restriction

Traffic flow between your devices and specific ports is monitored.

This selection provides whitelisting or blacklisting of ports specified by you.
Protocol Restriction

Traffic flow over specific protocols is monitored.

You can select which protocols are allowed to communicate with your devices.
Change Detection

Location of your devices is monitored.

This selection monitors your devices to detect a change in registered cell tower (location of the device) or when an IMEI  might have been switched and is being used in a different device.
Time Period Restriction

Device's usage outside of a specified time zone and time period is monitored.

You can select the days and hours of the day that your devices are allowed to communicate.
Traffic Flow

Inbound or outbound traffic flow is monitored.

Select whether you want your devices to only send traffic or only receive traffic.
Burst Detection

Unexpected data usage is monitored.

This selection monitors for a specified amount of data, traffic flow of that data (inbound, outbound, or both), and selected time (1 hour, 30 minutes, and so on).

If the selected amount of data exceeds the threshold within the selected amount of time and selected traffic flow, an alert is triggered.
Outage Detection

Loss of connectivity is monitored.

Select how long devices can go without communicating (sending data, receiving data, or both) within a time selection (1 hour, 30 minutes, and so on) before an alert is triggered.
Outage Detection by IP 

Loss of connectivity is monitored for the specified IP address or addresses.

Select whether the monitoring occurs when the device is sending, receiving, or both sending and receiving and the time period to monitor.
  • If you need to remove a Condition, you can do so before you save the Condition. Click the "x"  (located to the right of the Condition name).
  • After adding a Condition and its values, if you want to add more conditions, click Add Condition again to select and add another one.
  • Condition restrictions apply, for information, refer to Following Rule Condition Restrictions.  

    Important! If you set more than one Condition, an Alert is triggered only when all the Conditions are triggered at the same timeFor example, if you select to restrict an IP address and then select to restrict a port, an alert is triggered when the specified IP address connects to the specified port.

Once Conditions are saved, they are displayed in a list in the Conditions section of the Create Rule page.

Adding Actions

Currently, only the e-mail option is available within Actions.  Watch for other Actions to be available in future releases.

You can add an e-mail address or multiple address to receive notification when an alert is triggered.

AddActions_email.png

      1. Click Add Actions.
        1. Click Email.
        2. Click Continue.
        3. Enter the e-mail address.
          • If you need to add more than one e-mail address, click Add Another Email Address.
          • Continue clicking Add Another Email Address and entering the addresses until all e-mail addresses are entered.
        4. Click Continue.
        5. Click Save.
      2. When you are finished adding all the Conditions and Actions (e-mail addresses), click Create Rule.

Notes:

      • SecurityPro checks whether a name has been entered for the Rule. If the name is missing, the Rule is not created and the Rule name field is highlighted in red. Enter a Rule name and click Create Rule to create the Rule.
      • If a Severity Level for this Rule has not been selected, the Severity Level defaults to Medium.

Once created, the new Rule is added to the list on the Rules page.

The Rules page shows the number of Conditions and Actions associated with this Rule. If you select the Rule from the list, the Rule details are displayed.

You can now assign the Rule to a Group.

Important! SecurityPro only monitors your devices to notify you when your Device is not behaving as expected. It does not resolve this behavior. You must take action to resolve your Device’s behavior and then acknowledge within SecurityPro that you have done so.

Related articles

Related articles