Creating rule sets

Rule sets group rules together and assign them to specific groups of endpoints. You can group rules into rule sets that address specific categories of sensitive information, or that monitor specific types of files.

For example, you might want to apply and monitor specific rules on one group of endpoints, but not on other groups. Or, you might want to apply a subset of the available rules to a group of endpoints.

You can view the number of rules that are assigned to each rule set, the computer groups that it targets, and whether there are any pending changes to any of the associated rules.

A rule set has no effect unless it contains at least one rule. The default rule sets contain at least one rule. The default rules cannot be edited, but you can delete them, or make a duplicate of a rule and customize it for your specific needs.

Test and verify rules before adding them to rule sets.

Depending on the role and permissions you have been assigned, you can view rule sets, or create and edit rule sets. For example, if you have write permissions for rule sets, you can edit the content of rule sets. Conversely, if you do not have write permissions for rule sets, you can view the rule set information but cannot make edits or save changes. For more information, see User role requirements.

Create a rule set

  1. From the Reveal menu, click Rule Sets. Click New Rule Set.
  2. Enter a name and description for the rule set.
  3. Click Add Rules and select one or more rules to associate with the rule set. Click Assign.
  4. Under Computer Groups, click Target Computer Groups to add computer groups that you want the rule set to target. The rules that are associated with the rule set are applied to the endpoints in the computer groups you specify. Click Assign.
  5. Click Save.

Add rules to an existing rule set

  1. From the Reveal menu, click Rule Sets.
  2. Click the title of the rule set to which you want to add one or more rules.
  3. Click Edit Rule Set.
  4. Click Add Rules and select the rules you want to associate with the rule set. Click Assign.
  5. Under Computer Groups, click Target Computer Groups to add computer groups that you want the rule set to target. The rules that are associated with the rule set are applied to the endpoints in the computer groups you specify. Click Assign.
  6. Click Save.

Delete a rule set

  1. From the Reveal menu, click Rule Sets.
  2. Select the check box next to the rule set that you want to delete.
  3. Click Actions > Delete. Enter your credentials to confirm that you want to delete the rule set.

Deleting a rule set does not remove any historical matches from any metrics.