A Host rule will alert you to user activity in your system.
To add a Host rule:
1. Select Host rule from the table list.
2. Choose the severity of the alert (Black).
3. Define a Rule Name (Red).
4. Define an Alert Title (Orange).
5. Define an Alert Description (Yellow), which can be as simple as mirroring the title, or adding more detail.
6. Choose whether you want to Aggregate Fields (Green). More on Aggregates here
7. Choose whether you want to group alerts by threshold (Blue). More on Threshold here
8. Click "Next Filter".
The rule will be created, and you will be brought into the rule.
A filter is the heart of the rule where you define the logic for when the alert should fire.