Manage Rules
- SOCaaP monitoring rules identify events that may cause harm to customer networks and report them to the admin console as 'Incidents'. For example, a firewall breach.
- Logs collected from customer networks are checked by the rules engine.
- Incidents created by rules are classified as 'Correlated Incidents' and automatically assigned to admins for further action. See 'Incidents' for more information.
- This section also lets you tag events so you can search events more effectively.
- Aggregated rules let you configure multiple sub-events. When the conditions are met, a new event is created and can be queried in the 'Events Query' section.
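The following is an added illustration of the two rule kinds the bullets describe: a tagging rule that labels matching events so they are easier to search, and an aggregated rule that creates a new event once all of its sub-events have been seen within a time window. It is generic example code, not SOCaaP's own rule syntax or rules engine; the rule format, the field names (`ts`, `src`, `type`, `user`), the sample log events and the rule names are all constructed for the example.

```python
"""Generic tagging and aggregation rules over constructed sample events.
Not SOCaaP's rule format: the rule dictionaries and the event fields below
are assumptions made for this illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events standing in for logs collected from a customer
# network. Timestamps, addresses and user names are made up.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:01", "src": "10.0.0.5", "type": "auth_fail", "user": "alice"},
    {"ts": "2024-01-01T10:00:05", "src": "10.0.0.5", "type": "auth_fail", "user": "alice"},
    {"ts": "2024-01-01T10:00:09", "src": "10.0.0.5", "type": "auth_fail", "user": "alice"},
    {"ts": "2024-01-01T10:00:20", "src": "10.0.0.5", "type": "auth_success", "user": "alice"},
    {"ts": "2024-01-01T10:05:00", "src": "10.0.0.9", "type": "auth_fail", "user": "bob"},
    {"ts": "2024-01-01T12:00:00", "src": "10.0.0.9", "type": "auth_success", "user": "bob"},
]

# Tagging rules (assumed format): a predicate plus the tag to attach.
TAG_RULES = [
    {"name": "tag-auth-failures", "when": lambda e: e["type"] == "auth_fail", "tag": "auth:fail"},
    {"name": "tag-logins", "when": lambda e: e["type"] == "auth_success", "tag": "auth:ok"},
]

# Aggregated rule (assumed format): several sub-events that must all occur
# for the same group key inside a time window; when they do, a new event
# is created that can then be queried like any other event.
AGG_RULE = {
    "name": "repeated-failures-then-success",
    "group_by": "src",
    "window": timedelta(minutes=2),
    "sub_events": [
        {"match": lambda e: e["type"] == "auth_fail", "min_count": 3},
        {"match": lambda e: e["type"] == "auth_success", "min_count": 1},
    ],
    "new_event_type": "correlated_auth_anomaly",
}


def apply_tag_rules(events, rules=TAG_RULES):
    """Return copies of the events with a 'tags' list filled in from every
    tagging rule whose predicate matches the event."""
    tagged = []
    for e in events:
        tags = [r["tag"] for r in rules if r["when"](e)]
        tagged.append({**e, "tags": tags})
    return tagged


def apply_aggregated_rule(events, rule=AGG_RULE):
    """Evaluate one aggregated rule. Events are grouped by the rule's key and
    processed in time order; for each candidate window start, the sub-event
    counts inside the window are checked and a new event is created the
    first time every sub-event reaches its minimum count."""
    groups = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        groups[e[rule["group_by"]]].append(e)

    created = []
    for key, evs in groups.items():
        for i, first in enumerate(evs):
            start = datetime.fromisoformat(first["ts"])
            window = [e for e in evs[i:]
                      if datetime.fromisoformat(e["ts"]) - start <= rule["window"]]
            counts = [sum(1 for e in window if s["match"](e)) for s in rule["sub_events"]]
            if all(c >= s["min_count"] for c, s in zip(counts, rule["sub_events"])):
                created.append({
                    "ts": window[-1]["ts"],
                    "type": rule["new_event_type"],
                    rule["group_by"]: key,
                    "rule": rule["name"],
                    "sub_event_counts": counts,
                })
                break  # one new event per group; stop at the first satisfied window
    return created


if __name__ == "__main__":
    for e in apply_tag_rules(SAMPLE_EVENTS):
        print(e["ts"], e["type"], e["tags"])
    for new_event in apply_aggregated_rule(SAMPLE_EVENTS):
        print("new event:", new_event)
```

Only the 10.0.0.5 group satisfies the aggregated rule: three failures and one success fall inside a two-minute window, so one new event of type `correlated_auth_anomaly` is created for it, while 10.0.0.9 (one failure, then a success two hours later) produces nothing. A real engine would additionally need to suppress duplicate new events across overlapping windows and bound the memory kept per group; the `break` per group is the simplest form of that.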
See the following sections for more details:
- Manage Correlation Rules
- Manage Tagged Rules