Rule Library PanelRule Library Panel
The Rule Library panel allows you to manage rules.
What do you want to do?What do you want to do?
| Role | I want to ... | Show me how |
|---|---|---|
| Content Expert | Add an ESA rule. | Add a Rule Builder Rule |
| Content Expert | Edit, duplicate, or delete an ESA rule. | Edit, Duplicate or Delete a Rule |
| Content Expert | Import or export ESA rules. | Import or Export Rules |
| Content Expert | Filter the ESA rules list. | Filter or Search for Rules |
Related TopicsRelated Topics
Quick LookQuick Look
To access this view, go to 
The following figure shows the Rule Library panel.
The Rule Library panel includes the following components:
- Rule Library toolbar
- Rule Library list
Rule Library ToolbarRule Library Toolbar
The Rule Library toolbar allows you to add, delete, edit, duplicate, filter, export, and import ESA rules. The following figure shows the icons for these actions.
Rule Library ListRule Library List
The following figure shows the Rule Library list.
The Rule Library list shows all of the ESA rules. The following table lists the columns in the Rule Library list and their description.
| Column | Description |
|---|---|
| Rule Name | Purpose of the ESA rule. |
| Description | Summary of what the ESA rule detects. |
| Trial Rule | Deployment mode to see if the rule runs efficiently. |
| Type | The type of rule. For more information, see ESA Rule Types. |
| Actions (  ) |
Menu to delete, edit, duplicate, or export the selected rule. |
| Severity | Threat level of alert triggered by the rule. |
| Indicates whether an alert notification for the rule is sent by email. This column is not visible by default. | |
| SNMP | Indicates whether an alert notification for the rule is sent using SNMP. This column is not visible by default. (ESA SNMP notifications are not supported in NetWitness version 11.3 and later.) |
| Syslog | Indicates whether an alert notification for the rule is sent using Syslog. This column is not visible by default. |
| Script | Indicates whether an alert notification for the rule executes a script. This column is not visible by default. |
| Last Modified | The date and time when the ESA rule was last modified. This column is not visible by default. |
To display columns which aren't visible by default, hover over the title of a column and click the v on the right. This opens a drop-down menu in which you can sort the contents of the column or choose which columns you want to see in the Rule Library list.
