Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Create an Event Scoring Rule

You can create rules for the log events by defining the matching condition and corresponding actions to take when a condition is met.

To create a rule for scoring log events:

  1. Log in to Juniper Security Director Cloud.
  2. Select Shared Services > Insights > Rules > Event Scoring Rules.

    The Event Scoring Rules page appears.

  3. Click the plus icon (+).

    The New Event Scoring Rules page appears, on which you can define the rule’s condition and actions.

  4. In the Rule Name text box, enter a unique name for the rule and the select the match type Match Any or Match All.
  5. In the Condition section:
    • Select the field name from the list.

    • For the selected event, select a condition from the list.

    • For the selected condition, provide the value.

    • If you are defining more than one condition, click the + icon.

  6. In the Actions section:
    1. Select a required action from the list, such as Raise or Lower Severity, Set Severity (value), Check feed, and Skip remaining rules.

    2. For the selected action, assign the additional actions from the list.

    3. If you are defining more than one action, click the + icon.

  7. Click OK.

    A new rule is created and listed on the Event Scoring Rules page.