Filter observables rules

Use quick filters to display rule subsets based on your filtering criteria.

To view a list of currently configured observable rules:

  1. In the left navigation bar, go to Data configuration images/download/attachments/82474931/robot.svg-x24.png > Rules > Observable.

    To sort items by column header:

    1. Click the header of the column whose content you want to sort.

    2. Click or to sort the content in either ascending or descending order, respectively.

    To narrow down the results in the view, select one or more quick filter images/download/attachments/3604538/filter.PNG options, as needed.
    To show and to hide the available quick filters in the current view click images/download/attachments/3604538/filter.PNG .

  2. Select one or more options under Source to filter results based on incoming feed(s), enrichers, and groups used as data sources for the rules.

  3. Under Status click:

    1. Enabled to show only currently active rules.

    2. Disabled to show only inactive rules.

    3. Both options to display all rules.

  4. Select one or more options under Classification to display rules that flag matches as malicious, safe, negligible, or unknown/undefined.

You can combine multiple options from multiple filters to create complex filtering actions.

The number and the type of available quick filters may vary: quick filters are enabled and they become available only when the active view includes selectable values, and therefore applicable filtering options, for the data points the filters process.
You can also search for specific rule names by starting typing a rule name in the search filter field .