Create an ESA RuleCreate an ESA Rule
This topic describes the steps to create an ESA rule.
To create an ESA Rule
- Go to (CONFIGURE) > Policies.
- In the policies panel, click Content.
- In the left panel, click Content Library.
The available rules are displayed.
Click Event Stream Analysis Rule.
In the ESA rule panel, click + Create Rule to add an ESA rule.
It navigates to ESA Rules > Rules view. For more information on creating new rules, see the section Add a Rule Builder Rule.
Note: Analysts must have appropriate permissions to view the ESA rules under (CONFIGURE) > ESA Rules and (CONFIGURE) > Policies pages. For more information, see the Source-server section in the "Role Permissions" topic in the System Security and User Management Guide.