Data source rules

Data source rules have defined default actions. The McAfee Event Receiver assigns it to the event subtype associated with the rule. The list of data source rules includes predefined and auto learned rules.

The McAfee Event Receiver auto learns data source rules as it processes the information sent to it by the data sources that are associated with the McAfee Event Receiver.

The Data Source option in the Rule Types pane is only visible when you select a policy, data source, Advanced Syslog Parser, or McAfee Event Receiver in the system navigation tree. The description area at the bottom of the page gives detailed information about the selected rule. All rules have a severity setting that dictates the priority associated with a rule, which impacts how the alerts generated for these rules are shown for reporting purposes.