Apply Suppression and Summarization Rules

Administration Guide › Integrations and Connectors › How to Create an Integration › Apply Suppression and Summarization Rules

Apply Suppression and Summarization Rules

You can apply both suppression and summarization rules to an integration to streamline event refinement. When the integration is configured as a connector, suppression and summarization rules are applied before being sent to the event log store. The suppression and summarization check is in addition to the suppression and summarization check made at the event log store.

For example, you can apply a suppression rule so that unwanted Windows events are not sent to a WMI agent. Network traffic is reduced and these events never reach the event log store.

Important! Create and use suppression rules cautiously because they prevent the logging and the appearance of certain native events entirely. We recommend testing suppression rules in a test environment before deploying them.

To apply suppression and summarization rules

Open the integration wizard and advance to the Suppression Rules step, or the Summarization Rules step.
(Optional) Type in the rules pattern entry field to search the available rules. As you type, the rules that match your entry are displayed.
Select the rules you want, using the shuttle control.
Click the appropriate arrow to advance to the wizard step you want to complete next, or click Save and Close.
If you click Save and Close, the new integration appears in the user folder list, otherwise the step you select appears.

More information:

Suppression and Summarization Rules Tasks

Add Integration Components

Set Default Configurations

Set File Log Configurations

Email CA Technologies about this topic