Managing rules for assigning the VIP status to alerts

Users with the Senior security officer role can create, delete, modify, import and export a list of rules for assigning the VIP status to alerts.

You can create the following types of rules:

• IP. The VIP status will be assigned to new alerts associated with this IP address of the computer.
• Host name. The VIP status will be assigned to new alerts associated with this host name.
• Email. The VIP status will be assigned to new alerts associated with this email address.

Users with the Security auditor role can view, import and export a list of rules for assigning the VIP status to alerts.

Users with the Security officer role cannot view the list of rules for assigning VIP status to alerts.

Viewing the table of VIP status assignment rules

The table of rules for assigning VIP status is located in the web interface section of the program, in the Settings section, VIP status subsection.

The table contains the following information:

• Criteria—Criterion for adding an entry to the list of rules.
• Value—Value of the criterion.
• Description—Additional information specified when creating the rule.

Creating a VIP status assignment rule

To add a rule for assigning the VIP status to alerts:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. In the upper-right corner of the program web interface window, click Add.

   The window for adding a rule opens.

3. In the Criteria drop-down list, select one of the following rule types:
   • IP, if you want to add a rule for a computer IP address.
   • Host, if you want to add a rule for a host name.
   • Email, if you want to add a rule for an email address.
4. Enter the necessary value in the Value field.

   For example, if under Criteria, you selected Email, enter the email address that you want to add in the Value field.

5. In the Description field, enter additional information if necessary.
6. Click Add.

The rule is added. The VIP status will be assigned to new alerts associated with the added IP address, host name, or email address.

Users with the Security auditor role cannot create VIP status assignment rules.

Users with the Security officer role cannot view the list of rules for assigning VIP status to alerts.

Deleting a VIP status assignment rule

To delete a rule for assigning the VIP status to alerts:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. Select the check box to the left of each rule that you want to remove from the list.
3. If you want to delete all rules, select the check box above the list.
4. In the upper-right corner of the program web interface window, click the Delete button.

   The action confirmation window is displayed.

5. Click Yes.

The selected rules will be deleted.

Users with the Security auditor role cannot delete VIP status assignment rules.

Users with the Security officer role cannot view the list of rules for assigning VIP status to alerts.

Modifying a VIP status assignment rule

To modify a rule for assigning the VIP status to alerts:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. Select the rule that you want to modify.

   This opens the rule editing window.

3. Make the necessary changes to the Criteria, Value and Description fields.
4. Click Save.

The rule is modified.

Users with the Security auditor role cannot modify VIP status assignment rules.

Users with the Security officer role cannot view the list of rules for assigning VIP status to alerts.

Importing a list of VIP status assignment rules

To import a list of rules for assigning VIP status to alerts:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. Click Import.

   You will be prompted for confirmation of the list import.

   The imported list of rules for assigning the VIP status to alerts will replace the current list of VIP status alert assignment rules.

3. Click Yes.

   This opens the file selection window.

4. Select a JSON file containing the list of rules that you want to import and click Open.

   This closes the file selection window.

The list will be imported.

Exporting a list of VIP status assignment rules

To export the list of rules for assigning VIP status to alerts:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. In the upper-right corner of the program web interface window, click the Export button.

The list of VIP status assignment rules is exported to a JSON file.

Filtering and searching by type of VIP status assignment rule

To filter or search for VIP status assignment rules by rule type:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. Click the Criteria link to open the filter configuration window.
3. Select one or several check boxes next to the types of rules:
   • IP.
   • Host.
   • Email.
4. Click Apply.

The filter configuration window closes.

The table will display only the rules that match the filter criteria you have set.

You can use multiple filters at the same time.

Filtering and searching by value of VIP status assignment rule

To filter or search for VIP status assignment rules by rule value:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. Click the Value link to open the filter configuration window.
3. Enter one or several characters of the rule value.
4. Click Apply.

The filter configuration window closes.

The table will display only the rules that match the filter criteria you have set.

You can use multiple filters at the same time.

Filtering and searching by description of VIP status assignment rule

To filter or search for VIP status assignment rules by description:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. Click the Description link to open the filter configuration window.
3. Enter one or several characters of the description.
4. Click Apply.

The filter configuration window closes.

The table will display only the rules that match the filter criteria you have set.

You can use multiple filters at the same time.

Clearing a VIP status assignment rule filter

To clear the VIP status assignment rule filter for one or more filtering criteria:

1. In the main window of the program web interface, select the Settings tab, VIP status section.
2. Click to the right of the header of the table column for which you want to clear the filter conditions.

   If you want to clear several filter conditions, perform the necessary actions to clear each filter condition.

The selected filters are cleared.

The table will display only the rules that match the filter criteria you have set.