Manage Log Shipper Business Rules

Only write-access users can manage Log Shipper Business Rules.

View Log Shipper Business Rules

Go to Log Shipper > Business Rules to view business rules in list view or grid view. To toggle between the two views, use the button beside the Refresh button.

You can also expand each folder to see the business rules in that folder. You can also delete a whole folder, which deletes all the business rules in that folder.

Create Log Shipper Business Rules

A write-access user can create business rules to select which logs are ingested into their SIEM platforms. A default business rule named All is provided out of the box; it matches all alerts and events.

  1. Go to Log Shipper > Business Rules.
  2. Click Create New Rule.
  3. Enter a rule name.
  4. Select or enter a query in the alert/event filter. At least one filter must be selected.
  5. Enter the name of the folder to add the rule to, or select an existing folder. Folders can be nested up to 3 levels deep.
  6. Click Save.

Perform an Action on a Log Shipper Business Rule

A write-access user can manage all business rules from a single place, the Log Shipper Business Rules page. From the Action column on this page, the user can clone, edit, or delete a business rule.

Clone a Log Shipper Business Rule

To clone the entire business rule, select the Clone icon on the rule, name the rule, and click Save.

Edit a Log Shipper Business Rule

To edit a business rule, select the Pencil icon and modify the business rule. When finished, click Save.

Delete a Log Shipper Business Rule

To delete a business rule, select the Trash icon on the rule and confirm the action.
