- 22 Oct 2024
- 1 Minute to read
- DarkLight
Creating Actions
- Updated on 22 Oct 2024
- 1 Minute to read
- DarkLight
The next step in the Create Rule and Action Wizard is to create an action that is to be taken when an event matches the rule(s) you have defined in the previous wizard steps.
To create an action
In the Create Rule and Action Wizard proceed to the Create Action step.
Select the required action type from the Action Type list menu.
Define the action type by selecting the required type from the corresponding list:
Launch Workflow. With this action you start and/or customize a workflow to connect the selected item to a remote process or workflow.
Multiple actions can be achieved by launching a workflow, such as:
Creating an alert via email.
Pre-defined workflows are available for whitelisting, graylisting, or blacklisting IP addresses, devices, etc.
Alert category placement. This action serves to raise an alert for a matched record and making it available in the SUPERVISE & INVESTIGATE menu for further review.
For more information about creating and modifying alerts, see Delaying or delegating event processing: alerts and alert management.
Click Save Action.
The added action will be displayed in the field next to the Save Action button. Add further actions if required.
Click Save & Next to complete creating the action.
You can edit or delete a previously defined action any time by selecting the required item and action, and clicking Edit Action or Delete Action.
You can also add an action to the existing rules by clicking Create Action in the relevant rule.
You can launch several actions simultaneously for a single hierarchy item.
Next steps
Proceed in the Create Rule and Action Wizard to add further rule parameters:
Set the Response/Status (see Setting the response/status).