Rule and Report Groups
Using Rule Groups in Query Criteria
To populate the Rule field of the Query Event Data bar using rule groups, follow these steps:
Step 1
Navigate to the Query page.
Step 2
Click Any in the Rules field of the Query Event Data bar.
The Filter by Rule dialog box appears as shown in
Step 3
Select the rule group in the dropdown list above the list of rules, as shown in
The list of rules will display only those rules in the selected rule group.
Figure 21-19
Click the checkboxes of the rules to include in the query.
Step 4
Click Add. The selected items appear in the lefthand pane of the Query dialog box.
Step 5
To remove rules, highlight the items to remove in the lefthand pane, then click Remove.
Click Apply.
Step 6
The selected rules appear in the Rules field of the Query Event Data bar.
User Guide for Cisco Security MARS Local Controller
21-34
Rule Group Used to Populate Rule Criterion in Query
Figure
21-19.
Chapter 21
Rules
Figure
21-14.
78-17020-01