Managing Action Rules

The following topics are covered in this section:

The Action Rules tab shows a table of configured action rules (notification rules) and their details. This tab is where you can create and manage action rules.

Figure 1. Action Rules Screen

To Create an Action Rule

Click the +Add New Rule button and select the type of notification you want to receive: Adversarial Model or Dashboard.
Figure 2. Add New Rule - Selecting Model Rule

This opens the New Rule dialog box.
Figure 3. New Rule Dialog Box - Adding New Rule

The New Rule dialog box displays 0 Selected Items, where Selected Item is either Adversarial Model or Dashboard. Clicking the 0 Selected Items link opens the corresponding Select Selected Item dialog box. Click the preferred adversarial model or dashboard to add it to the rule. For a dashboard item, you can select only one dashboard per rule. For an Adversarial model item, you can select multiple models per rule.

On the New Rule dialog box, add one or more email addresses, select the time interval between notifications, toggle the Enabled switch, and click Save.

Sorting Order and Filtering Columns

To sort the table of action rules, click the Filter icon for the column you want to sort by. This opens the corresponding sort-and-filter dialog box, where you can sort the list of rules in either ascending or descending order, and filter the rules by criteria that depend on the column.

Notification Type:

Filter the table according to the type of model rule: Dashboard or Adversarial Model.

Figure 4. Notification Type Filtering and Sorting

Name, Author:

Filter according to the string you type in the Filter search field.

Figure 5. Filtering Name Column

Items Attached, Time Interval:
Filter according to the range specified in the Min and Max fields.
Figure 6. Filtering Items Attached Column

Filter according to the specified time range.

Enabled:

Filter according to whether the action rule is enabled.
Figure 7. Filtering Enabled Column

Reset Column Filters:

Reset the column filter settings to the default values.

Table View:
Click the Settings icon to select the table columns to display, reset the filters, save the filters, or reset the table to the default settings.
Figure 8. Action Rules - Table Settings

To edit an action rule, click its Pencil icon to open the Update Rule dialog box. Update the title, emails, time interval, or enabled status, and click Save.
Figure 9. Update a Rule (Dashboard)

To delete an action rule, click its Delete icon to open the Delete Rule dialog box. Click Delete to confirm the deletion of the corresponding action rule.
Figure 10. Delete a Rule (Dashboard)

To see your subscription status for an action rule email notification, hover over its Bell icon. If you are not subscribed, the tooltip will say "Subscribe to Action Rule"; otherwise, it will say "Unsubscribe from Action Rule". Click the Bell icon to change the status.
Figure 11. Checking Your Email Subscription for an Action Rule

Adding Email Notifications For Adversarial Model Matches

Sets up email notifications for an adversarial model.

To set up email notifications for an adversarial model, click the Email Notification Icon in the Detection Management menu bar:
Figure 12. Email Notification

 

This brings up the Create Email Notification dialog box that is linked to that model:
Figure 13. Create Email Notification

Note that a hyperlink to the adversarial model is provided, so that you can double-check that you have chosen the right adversarial model. Give the notification an informative title, fill in the user email(s), pick a time interval between notifications, and click the slider to Notify. Then click Save or Cancel. When this rule is triggered, Awake sends the email.

Note that your Situations are also triggered based on your Adversarial Models.

Creating Notifications

How to create notifications for a dashboard.

Perform the following tasks to create notifications for a dashboard:
  1. Select the dashboard for which you want to receive notifications.
  2. Click the Bell icon on the required dashboard.
    Figure 14. Bell Icon

    The system opens the New Rule dialog box.
  3. Enter the email address where you want to receive notifications.
    Note: To add multiple emails, hit Enter and type an additional email address. Repeat as necessary.
    Figure 15. New Rule Dialog Box

  4. Select the required time interval between notifications from the drop-down list.
  5. Click Save.