5.6.17. `Config - sigflow/rulesets` screen of the legacy web UI
This screen is only accessible to members of the operator group.
Note
For administrator group members, the following message is displayed: `Error 403: Insufficient permissions`
After selecting the `Rulesets` command from the sub-menu `Config/Sigflow`, the following screen is displayed. This screen is used for:
- Creating files called rulesets
- Managing the categories and rules of Ruleset files. Once a file is generated, its content can also be managed, i.e. its categories and rules can be modified
- Providing these files to the Sigflow detection engine of the GCap
- Exporting these files to the local download directory with the `rules` extension
Note
The `Rulesets` screen contains the following sections:
Item | Name | Position |
---|---|---|
1 | | Indicates the list of defined signature sets |
2 | | Indicates that the current screen shows the list of existing rules |
3 | | Area of possible actions. The possible actions listed below depend on the context: |
4 | | |
5 | | Field indicating the number of rulesets available |
6 | Description of a ruleset | Includes the following types of information: |
7 | Search field | Enables a search |
8 | | Displays the |
9 | context menu | Displays the management sub-menu for this source for access to the Edit source and Delete source commands |
After pressing the `View` command button, the `Rulesets: view` screen contains the following sections:
Item | Name | Position |
---|---|---|
1 | File name field | Indicates the name of the file containing the selected ruleset. This includes the following fields: |
2 | | |
21 | | |
20 | | |
19 | | |
3 | | Area of possible actions. The possible actions listed below depend on the context. |
4 | | |
5 | | |
18 | | |
17 | | |
16 | | |
6 | | Area of possible actions. The possible actions listed below depend on the context. |
12 | | Button to display the file by source and then by category |
13 | | Button to display the file by rules, listed by SID |
14 | | Button to export the file |
15 | | Button to generate the rules file from the current file |
7, 8, 10 | | List of categories for each source. This includes three types of information: |
4 | Search field | Enables a search |
Note
See the procedure Creating a SIGFLOW engine ruleset for:
- Creating a Ruleset file
- Managing its content, modifying categories and rules
- Sending a Ruleset file to the Sigflow detection engine in the GCap
- Exporting a file to the local download directory of the user PC with the `rules` extension

See the procedure Modifying SIGFLOW engine rules for:
- The implementation of a transformation rule (Transform rule)
- Deactivation of the rule of a transformation rule
- Activation of the rule of a transformation rule
- Threshold rule
- The deletion rule (Suppress rule)

See the procedure Generating a SIGFLOW engine ruleset.