|
|
|
You must specify the native event that you want the rule to suppress by setting a simple filter for the CEG event normalization fields. These four fields, which are part of the event-specific class, are provided for all events expressed in the CEG, allowing you to identify a native event precisely.
You can specify the combination of event normalization fields you want using the Simple Filters tab. You can also use advanced filters for further detail in event identification. You must specify at least one simple filter for a suppression rule.
To select a suppression rule event
Describes the broad class of technology involved in the event, for example, Firewall or Network Device.
Describes broad categories of events within the Ideal Model. For example, all account, user group, and role-related events are recorded under the "Identity Management" Event Category. Each Event Category has one or more classes (sub-categories), so any choice you make changes the available selections in Event Class menu.
Provides a more detailed classification of events in a specific event category. For example, Identity Management events are divided into one of three classes: account, group or identity. Each Event Class has one or more associated actions, so any choice you make changes the available selections in Event Action menu.
Describes common actions for each Event Category and Class. For example, Account Management, a class of the Identity Management category, contains account creation, deletion, and modification actions.
If you click Save and Close, the new rule appears in the list, otherwise the step you choose appears.
When you create a new rule, it is saved as version 1.0. If you later edit the rule, a separate copy of the rule is stored as a new version. You can view earlier versions, and apply or copy them as needed.
| Copyright © 2011 CA. All rights reserved. | Email CA Technologies about this topic |