Create a New Policy

Applies to Product: USM Appliance™ LevelBlue OSSIM®

Policies can be created with actions or without actions in instances where the consequences are SIEM, logger, and forwarding consequences.

To create a new policy

  1. Go to Configuration > Threat Intelligence > Policy.
  2. If you want to create a policy for an external event, click New in Default Policy Group. If you want to create a policy for a system event, click New in Policies for Events Generated in Server.

  3. Enter a name in the Policy Configuration page.

    Policy Configuration page from Policy.

  4. Configure the conditions that you want the events to match. See Create Policy Conditions for instructions on each field.
  5. Configure what you want to do with the events that have match the conditions. See Create Policy Consequences for instructions on each field.
  6. Click Update Policy.

  7. Click Reload Policies.

    Policy page with Reload Policies highlighted.