Create a Linux Host Rule
A host rule alerts you to user activity on your system. You can add a host rule in the F5 Distributed Cloud App Infrastructure Protection (AIP) Rules tab.
Note
If you are looking to update a ruleset, see Update a Ruleset.
- Navigate to the Rules tab and select a ruleset from the list.
- Click the + New Rule button.
- The Add Host Rule dialog displays.
- Select Host Rule from the list and click Next: Details to proceed.
- The Add Host Rule dialog displays. You will be able to specify the rule details.
  - Severity of alerts: There are three levels of behaviors to indicate the severity of an alert.
    - Severity 1 alerts are the highest elevation of behaviors.
    - Severity 2 alerts are the second highest elevation of behaviors.
    - Severity 3 alerts are the third highest elevation of behaviors.
  - Rule Name (Required): Indicates the name of the ruleset.
  - Alert Title (Required): Indicates the name and substitutions (dynamic content) which add context to the alert.
  - Alert Description: Indicates a brief summary of the alert.
  - Aggregate Fields: Helps define the uniqueness of an alert. See Rule Aggregation for additional information about aggregate options.
  - Trigger an alert if an event matching this rule occurs at least: Indicates the frequency for generating an alert. You can specify how often to display an alert within a certain time frame. For additional information, see Life Cycle of an Alert.
- After making your selection, click Next: Filter.
- The Host Rule Filter pane displays.
Tip
If you have integrated your Amazon Web Services (AWS) account into Distributed Cloud AIP, the Deployment Options pane appears next. You can specify AWS EC2 tags for this rule and automatically assign the rule to all associated hosts. For additional information, see AWS EC2 Tags.
However, if you do not see the Deployment interface, your Distributed Cloud AIP AWS EC2 Agent correlation is not enabled. Follow the steps in Automatically Integrate with AWS using CloudFormation to enable this integration.
- After specifying a rule filter, click Create Rule.
- The rule is created and displayed on the Rules page.