|Applies to Product:||USM Appliance™||AlienVault OSSIM®|
Policies can be created with actions or without actions in instances where the consequences are SIEM, logger, and forwarding consequences.
To create a new policy
- Go to Configuration > Threat Intelligence > Policy.
- If you want to create a policy for an external event, click New in Default Policy Group. If you want to create a policy for a system event, click New in Policies for Events Generated in Server.
Enter a name in the Policy Configuration page.
- Configure the conditions that you want the events to match. See Create Policy Conditions for instructions on each field.
- Configure what you want to do with the events that have match the conditions. See Create Policy Consequences for instructions on each field.
- Click Update Policy.
Click Reload Policies.