Data source rules

The list of data source rules includes predefined and auto-learned rules.

The Receiver auto-learns data source rules as it processes the information sent to it by the data sources that are associated with the Receiver.

The Data Source option in the Rule Types pane is only visible when a policy, data source, Advanced Syslog Parser, or Receiver is selected in the system navigation tree. The description area at the bottom of the page gives detailed information concerning the selected rule. All rules have a severity setting that dictates the priority associated with a rule. The priority impacts how the alerts generated for these rules are shown for reporting purposes.

Each data source rule has a defined default action, which the Receiver assigns to the event subtype associated with the rule. You can change this action (see Set data source rule actions).