Rule List

The Rules page includes a list of all rules available in your F5 Distributed Cloud App Infrastructure Protection (AIP) organization.

RuleList.png

  1. Add Rule – Add a rule to your Distributed Cloud AIP organization. For more information, see Rule Creation Overview.
  2. Add Rule Options menu – Open the Add Rule Options menu. For more information, see Add Rule options menu.
  3. Checkbox – Select the checkbox to select all rules. The selection menu displays at the top of the rule list. For more information, see Rule Selection Menu. You can also select individual rules by using the checkbox next to the rule.
  4. Name – The name of the rule.
  5. Ruleset – The name of the ruleset to which the rule belongs.
  6. Type – The type of the rule. For more information on types of rules available in Distributed Cloud AIP, see Rule Creation Overview.
  7. Severity – The severity level of the rule. Options are 1 (displayed in red), 2 (displayed in yellow) or 3 (displayed in blue).
  8. Status – A toggle button that indicates whether the rule is enabled (blue, toggle on right) or disabled (gray, toggle on left).
  9. Suppressions – The number of suppressions and the number of AWS EC2 tags associated with the rule.
  10. Last Updated – The date and time, in local time, that the rule was last modified.
  11. Expand button – Click the Expand button to view a summary of the details of a particular rule.
  12. Details button – Click the Details button to open the Rule Details drawer. For more information, see Rule Details Drawer.
  13. Options button – Click the Options button to open the rule options menu. For more information, see Rule Options Menu.

You can sort all columns, except the Suppressions column, in ascending or descending order. Click the column name to sort by that column. Click the name a second time to sort in reverse order. By default, rules are sorted in descending order by the Severity column.

Rule Selection Menu

The rule selection menu displays at the top of the rule list when one or more rules are selected.

RuleSelectionMenu.png

  1. Number of rules – The number of rules selected displays.
  2. Clear Selection – Click the Clear Selection button to uncheck all of the selected rules. The rule selection menu closes.
  3. Enable – Click the Enable button to enable all of the selected rules in your Distributed Cloud AIP organization. A confirmation message displays that requires input before the enabling of the rule(s) completes.
  4. Disable – Click the Disable button to disable all of the selected rules in your Distributed Cloud AIP organization. A confirmation message displays that requires input before the disabling of the rule(s) completes.
  5. Delete – Click the Delete button to permanently delete all of the selected rules in your Distributed Cloud AIP organization. A confirmation message displays that requires input before the deletion completes. All event, alert, and anomaly data associated with the rule remains until their storage expiration window ends.

Rule Details Drawer

Click the Details button to access the Rule Details drawer.

RuleDetailsDrawer.png

The Rule Details drawer contains three main sections.

Close or Edit

CloseEditSection.png

  1. Close button – Click the Close button to close the Rule Details drawer.
  2. Edit button – Click the Edit button to edit the rule. For more information, see Edit Rule Drawer.

Rule Match Histogram

The Rule Match histogram displays the previous 30 days of data associated with the rule.

RuleHistogram.png

  1. X axis – The time over which the rule monitored events. The maximum time displayed is 30 days. The dates and times at which an event matched, was suppressed, or alerted against the rule display as points on the Y axis.
  2. Y axis – The number of times an event matched, suppressed, or alerted against the rule. The axis scales to match the maximum number of events, whether matched, suppressed, or alerted, tied to the rule.
  3. Matched checkbox – Select this checkbox to display each time in the past 30 days the rule matched an event. The graph displays in green. By default, this checkbox is selected.
  4. Suppressed checkbox – Select this checkbox to display each time in the past 30 days the rule suppressed an event. The graph displays in blue. By default, this checkbox is selected.
  5. Alerted checkbox – Select this checkbox to display each time in the past 30 days the rule alerted on an event. The graph displays in red. By default, this checkbox is selected.

Rule Metadata

The rule metadata section contains all of the metadata the rule matches against, as well as metadata about the rule itself.

RuleMetadata.png

  1. Type – The type of rule. For more information on rule types, see Rule Creation Overview.
  2. Status – The rule is either Enabled or Disabled.
  3. Severity – The severity level of the rule. Options are 1 (displayed in red), 2 (displayed in yellow) or 3 (displayed in blue).
  4. Description – The description of the rule's purpose.
  5. Filter – The fields the rule must match in an event to trigger an alert.
  6. Suppressions – The fields the rule must match in an event to prevent an alert from triggering. Suppressions are usually tied to normal behavior for your infrastructure.
  7. Aggregate Fields – The fields grouped by the rule, which define the uniqueness of the rule. For more information, see Rule Aggregation.
  8. Deployment Inclusion Tags – Automatically deploy this rule to hosts or containers that contain these AWS EC2 tags.
  9. Deployment Exclusion Tags – Automatically prevent this rule from deploying to hosts or containers that contain these AWS EC2 tags.
  10. Suppressions (optional) – If there are suppressions associated with the rule, then they display. For more information, see Suppress an Alert.
  11. Rule ID – The unique identifier for the rule. This identifier is automatically generated by Distributed Cloud AIP.
  12. Ruleset ID – The unique identifier for the ruleset to which the rule belongs. This identifier is generated by Distributed Cloud AIP.
  13. Created – The local date and time at which the rule was created.
  14. Last Updated – The local date and time at which the rule was last modified.

Rule Options Menu

Click the Options button to access the rule options menu.

RuleDetailOptionsMenu.png

  1. Edit Rule – Opens the Edit Rule drawer. For more information, see Edit Rule Drawer.
  2. Clone Rule – Opens the Clone Rule drawer. For more information, see Clone Existing Rule.
  3. Delete Rule – Permanently deletes the rule from your Distributed Cloud AIP organization. A confirmation message displays that requires input before the rule deletes. For more information, see Delete Rules.
  4. Edit Ruleset Servers – Opens the Edit Ruleset Server dialog. For more information, see Edit Ruleset Server.
  5. Edit Ruleset – Opens the Update Ruleset dialog. For more information, see Edit Ruleset.
