Creating Rules from Events

Role Availability Read-Only Investigator Analyst Manager

USM Anywhere enables you to create and manage your own orchestration rules from the Events Any traffic or data exchange detected by LevelBlue products through a sensor or external devices such as a firewall. details pages, which is the easiest way to configure an orchestration rule.

Warning: Orchestration rules only apply to future events and alarms.

Suppression rules using the Contains, Match and Match, case insensitive operators apply to future events and alarms, not to events and alarms received in the current day.

You can create these rules: