Managing policies and rules Create, apply, and view policy templates and rules. Managing policies and rules Create, apply, and view policy templates and rules. Default Policy settings You can set up the default policy to operate in alerts only mode or oversubscription mode. You can also view the status of the rule updates and initiate an update. Rule operations There are several operations you can perform on the rules to manage them and generate the information needed. Assign tags to rules or assets You can assign tags to rules, indicating their attributes, and then filter the rules by their tags. The ESM has a predefined set of tags but also provides you with the ability to add new tags and new tag categories. Modify aggregation settings Aggregated events are events that have fields that match. Override action on downloaded rules When rules are downloaded from the central server at McAfee, they have a default action assigned to them. Severity weights Event severity is calculated based on the severity weight given to assets, tags, rules, and vulnerabilities. View policy change history You can view or export a log of the changes that have been made to the policy. This log can hold a maximum of 1GB of data. When it reaches this limit, the oldest files are deleted as needed. Apply policy changes When you make changes to policies, you must roll out the changes to apply them. Changes made at the default policy level are applied to all policies when you roll out to all devices. Manage priority traffic You can set up traffic to pass through the Nitro IPS without being tested against any rules.