From the Library, select the Monitoring Rules item to see a list of existing rules.
The list shows the rule name, status (enabled or disabled), creation date, and the number of devices to which the rule applies.
Right-click any rule to access the contextual menu:
To create a rule, define trigger(s) to form the Conditions list. All available triggers are detailed in the Triggers Glossary.
Xcalibur W can record alerts as Incidents whose start and end dates are the dates of the first and the last alerts received.
Xcalibur W can optionally assign a maintenance task to a particular rule. This feature automatically executes a task when an incident is open and/or is closed. A Maintenance Task can be any of the tasks in the Task Templates section.
Xcalibur W can optionally notify by sending e-mails. As a result, email recipients are notifed whenever an incident starts or stops. The recipient lists can be set in the Notification section.
When you add a new trigger, the following configuration screen allows you to provide the parameters for the selected trigger :
You can elect to define the number of consecutive matches for the condition that are required before raising an alert.
This option is available only for the following triggers :
To assign a rule to devices (or unload), click Load Rule on the contextual menu, or just double-click the rule. A new command named Monitoring Rule is added to the Command Queue and can be published to the selected devices. For more information, see Publishing Tasks.
Rules are stored on the device file system in an unprotected area - part of the FBWF exclusions list.
|If the device(s) are protected by an EWF Write Filter, activate/deactivate Maintenance mode in the task - otherwise, the rule may not persist onto the devices.|