Update a Ruleset

You can update a ruleset in the App Infrastructure Protection (AIP) Cloud Security Platform® (CSP). Locate the rule by navigating to either the Rules tab or the Alerts tab.

Note

If you are looking to create a ruleset, see Rule Creation Overview.

Update the Base Rule Set

You can update the name and description of the Base Rule Set in the AIP CSP.

  1. Navigate to the Rules tab and select the Base Rule Set.


  2. In the right view pane, the Details screen displays. You can update the following:
    1. The ruleset name
    2. The ruleset description

  3. After making your updates, click the Update Ruleset button to register your changes.


The ruleset is updated and your changes are displayed in the Rules tab.

Important

Clicking the Delete Ruleset link will permanently remove the updated ruleset from your organization. This ruleset will no longer be available to servers previously assigned to it.

  • We do not recommend deleting the Base Rule Set if it is the only ruleset assigned to your organization.
  • If you unintentionally delete the Base Rule Set or require assistance with re-tuning your ruleset, we recommend contacting support at support@threatstack.com.

Update a Rule through the Rules Tab

  1. Navigate to the Rules tab and select the rule you want to update.


  2. In the right view pane, the Details screen displays. You can update the following:
    1. The rule name
    2. The alert title
    3. The alert description
    4. The aggregate fields
    5. The frequency of triggering an alert

  3. Click the Update Rule button to register your changes.


  4. Click the Filter link to display the rule filter settings. You can also update your deployment and suppression settings.


  5. To add a new suppression, click the New Suppression button. For additional information, see How do I Suppress an Alert?.


  6. After making your selections, click the Add New Suppression button to register your changes.


The ruleset is updated and your changes are displayed in the Rules tab.

Update a Rule through the Alerts Tab

  1. Navigate to the Alerts tab. Locate the alert associated with the rule you would like to update.

    Note

    In this example, the "User activity (Logins)" alert was selected.

  2. Click the View/Edit Rule link.


  3. The Edit Rule dialog displays. Within the Details pane, you can update the following:
    1. The severity of the alert
    2. The rule name
    3. The alert title
    4. The alert description
    5. The aggregate fields
    6. The frequency of triggering an alert

    Note

    In this example, a host rule is being updated.


  4. You can also update other settings for deployment, rule filter and suppression by clicking their respective tabs.


  5. Select the Suppressions tab. 


  6. Click the New Suppression button.
  7. To add suppression filter(s), see How do I Suppress an Alert?.


  8. After making your selections, click the Add New Suppression button to register your changes.

The ruleset is updated and your changes are displayed in the AIP CSP.
