USM Anywhere™

Managing Orchestration Rules

Role Availability Read-Only Analyst   Manager

USM Anywhere enables you to manage your own orchestration rules. To view orchestration rules, go to Settings > Rules. The All Orchestration Rules page opens. The page displays the list of rules and includes these parts:

  • On the left side of the page is the navigation pane used to open the available rules and the correlation lists.

  • At the top of the page, you can see the filters that you can apply. You can filter by name and by rule status.

  • The main part of the page is the list of rules, where each row describes an individual rule. You can enable, disable, edit, and delete a rule. You can also select a rule by selecting the checkbox to the left of the rule. You can select all rules at the same time by selecting the first checkbox in the column. The enable and disable rules buttons display when you select a rule. You can also expand the details of a rule. See Orchestration Rules Details for more information.

All Orchestration Rules Main Page

The following table lists the fields you see on the page.

Fields on the All Orchestration Rules Page
Field Description
Type Type of rule
Name Name of the rule
Conditions Conditions applied by the rule
Last Modified Date of the latest modification
Enabled Icons to enable or disable the rule
Icons to edit or delete the rule

Orchestration Rules Details

USM Anywhere provides visibility on how your rules behave. Click any rule on the All Orchestration Rules page to display the details.

Details of a Rule on the Orchestration Rules Page

Note: The default time range for the trend chart is 24 hours. You can click Last Hour, Last Day, or Last 7 Days to change the time range.

You can see the following information:

  • Evaluations vs. Hits: This graph shows the progress of the rule triggers over the last 7 days, 24 hours, or 1 hour.

  • All Systems: This combo box displays when you have expanded a filtering rule. Choose between the control node or the sensor. Choose the All Systems option if you want to display the data of both control node and sensor.

    Expanded Filtering Rule

  • Average Duration: The rule evaluation's average duration in milliseconds.

  • Evaluations: How often a rule has been evaluated.

  • Alarms Triggered: How often the rule has executed the associated action. This number might be different than Hits if the rule has a mute period assigned.

  • Important: This field only displays when you have expanded an alarm rule.

  • Total Evaluation Rate: How often the rule is evaluated against the total number of events. Rules are only evaluated if the event contains all the fields specified in the rule criteria, so providing detailed criteria might reduce the ingestion rate and, therefore, improve the performance.

  • Hits: How often a rule has matched its criteria against an event.

  • Rules History: This table shows the user who has made an action related with an orchestration rule, the action, and the date of creation.

  • Created: The date of creation and email of the user.

  • Updated: The data of the update and email of the user.

Orchestration Rules Management

To filter orchestration rules by name

  1. Go to Settings > Rules.
  2. Click the box next to Filter by.
  3. Enter your search.

To filter orchestration rules by rule status

  1. Go to Settings > Rules.
  2. Click the combo box next to Rule Status.
  3. Select All Rules, Enabled, or Disabled.

To edit an orchestration rule

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. Click the icon of the orchestration rule you want to edit.
  3. Modify the data of the items that need to be modified.
  4. Click Save Rule.

To delete an orchestration rule

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. Click the icon of the orchestration rule you want to delete.
  3. Confirm by clicking Accept.

To enable an orchestration rule

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. Click the icon of the orchestration rule you want to enable.

To disable an orchestration rule

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. Click the icon of the orchestration rule you want to disable.

To enable all orchestration rules

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. In the list of rules, click the first box in the first column to select all the orchestration rules.
  3. Click Enable All Rules.

To disable all suppression rules

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. In the list of rules, click the first box in the first column to select all the orchestration rules.
  3. Click Disable All Rules.
  4. Confirm by clicking Accept.

To show triggered alarms rules or suppressed events

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. Click the icon.
  3. This icon is available for the Event Suppression and Create an Alarm rows.

    Depending on the selected option, the Events List view page or the Alarms List view page opens. The page includes the selected filter and you can see how many alarms or events are matching with the selected filter.

To show triggered alarms rules or suppressed events

  1. Go to Settings > Rules to open the All Orchestration Rules page.
  2. In the row, click the icon.
  3. This icon is available for the Event Suppression and Create an Alarm rows.

    Depending on the selected option, the Events List View page or the Alarms List View page opens. The page includes Rules Name as a filter so that you can see how many alarms or events are matching with the selected rule.