Using Custom Rules and Rule Responses to Forward Data
Use the Custom Rule wizard to configure forwarding of event data that matches rules in your system. Configure the rule response to forward event data to one or more forwarding destinations.
The criteria that determines the event data that is sent to a forwarding destination is based on the tests and building blocks that are included in the rule.
When the rule is configured and enabled, all event data that matches the rule tests are automatically sent to the specified forwarding destinations. For more information about how to edit or add a rule, see the Juniper Secure Analytics Users Guide for your product.
- Click the Offenses Log Activity tab.
- On the Rules menu, select Rules.
- In the Rules List window, select the rule to edit, or click Actions to create a new rule.
- On the Rule Response page in the Rule wizard, ensure that you select the Send to Forwarding Destinations option.