USM Anywhere enables you to create and manage your own orchestration rules from the Events Any traffic or data exchange detected by AT&T Cybersecurity products through a sensor or external devices such as a firewall. details pages, which is the easiest way to configure an orchestration rule.
Warning: Orchestration rules only apply to future events and alarms.
Suppression rules using the
Match, case insensitive operators apply to future events and alarms, not to events and alarms received in the current day.
You can create these rules:
- Suppression Rule: See Creating Suppression Rules from the Events Page and Suppression Rules from the Orchestration Rules Page for more information.
- Filtering Rule: See Creating Filtering Rules from the Events Page and Filtering Rules from the Orchestration Rules Page for more information.
- Alarm Alarms provide notification of an event or sequence of events that require attention or investigation. Rule: See Creating Alarm Rules from the Events Page and Correlation Rules for more information.
- Notification Rule: See Creating Notification Rules from the Events Page and Correlation Rules for more information.
Note: Users in the Investigator role can create suppression rules but cannot create filtering, alarm, or notification rules.
Important: The Create Filtering Rule option is not visible if the Agent has sent the event.