Create an Event Scoring Rule
You can create rules for log events by defining the matching conditions and the corresponding actions to take when a condition is met.
To create a rule for scoring log events:
- Log in to Juniper Security Director Cloud.
- Select Shared Services > Insights > Rules > Event Scoring Rules.
The Event Scoring Rules page appears.
- Click the plus icon (+).
The New Event Scoring Rules page appears, on which you can define the rule’s condition and actions.
- In the Rule Name text box, enter a unique name for the rule, and then select the match type: Match Any or Match All.
- In the Condition section:
  - Select the field name from the list.
  - For the selected event, select a condition from the list.
  - For the selected condition, provide the value.
  - If you are defining more than one condition, click the + icon.
- In the Actions section:
  - Select a required action from the list, such as Raise or Lower Severity, Set Severity (value), Check feed, and Skip remaining rules.
  - For the selected action, assign the additional actions from the list.
  - If you are defining more than one action, click the + icon.
- Click OK.
A new rule is created and listed on the Event Scoring Rules page.
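
The sketch below models how the match type and actions chosen in the steps above could interact when several rules exist. It is an added illustration, not Juniper's code or the product's actual evaluation logic. The 0-10 severity scale, the operator names, the field names, top-to-bottom rule order and the raise/lower amounts are all assumptions, and Check feed is left out because the page does not describe it.

```python
# Illustrative model only; severity range is an assumption, not a product value.
MIN_SEV, MAX_SEV = 0, 10

# Assumed condition operators; the product's own list is not shown on the page.
OPERATORS = {
    "equals": lambda actual, value: actual == value,
    "contains": lambda actual, value: value in str(actual),
    "greater_than": lambda actual, value: actual > value,
}

def rule_matches(rule, event):
    """Match All needs every condition to hold; Match Any needs at least one."""
    results = [
        field in event and OPERATORS[op](event[field], value)
        for field, op, value in rule["conditions"]
    ]
    return all(results) if rule["match"] == "all" else any(results)

def score_event(event, rules):
    """Apply rules in order; return (final severity, names of rules that fired)."""
    severity, fired = event["severity"], []
    for rule in rules:
        if not rule_matches(rule, event):
            continue
        fired.append(rule["name"])
        stop = False
        for action, arg in rule["actions"]:
            if action == "raise":
                severity = min(MAX_SEV, severity + arg)
            elif action == "lower":
                severity = max(MIN_SEV, severity - arg)
            elif action == "set":
                severity = arg
            elif action == "skip_remaining":
                stop = True  # finish this rule's actions, then stop evaluating
        if stop:
            break
    return severity, fired

# Constructed sample rules and event (rule and field names are hypothetical).
RULES = [
    {"name": "lab-noise", "match": "all",
     "conditions": [("source_zone", "equals", "lab"), ("severity", "greater_than", 3)],
     "actions": [("lower", 2), ("skip_remaining", None)]},
    {"name": "malware-or-c2", "match": "any",
     "conditions": [("category", "equals", "malware"), ("category", "equals", "c2")],
     "actions": [("raise", 3)]},
]
EVENT = {"source_zone": "lab", "category": "malware", "severity": 5}
```

In this model the sample event is lowered by the first rule and never reaches the second, which shows why a broad rule that ends with Skip remaining rules should be reviewed for events it may hide from later, more specific rules.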