USM Anywhere enables you to create and manage your own orchestration rules from the EventsAny traffic or data exchange detected by AT&T Cybersecurity products through a sensor, or through external devices such as a firewall. details pages, which is the easiest way to configure an orchestration rule.
Warning: Keep in mind that orchestration rules only apply to future events and alarms. There is no longer an exception for suppression rules.
Suppression rules using the
Match, case insensitive operators apply to future events and alarms, not to events and alarms received in the current day.
You can create these rules:
- Suppression Rule: See Creating Suppression Rules from the Events Page and Suppression Rules from the Orchestration Rules Page for more information.
- Filtering Rule: See Creating Filtering Rules from the Events Page and Filtering Rules from the Orchestration Rules Page for more information.
- AlarmAlarms provide notification of an event or sequence of events that require attention or investigation. Rule: See Creating Alarm Rules from the Events Page and Correlation Rules for more information.
- Notification Rule: See Creating Notification Rules from the Events Page and Correlation Rules for more information.
Important: The Create Filtering Rule option is not visible if the Agent has sent the event.