Does any one know if you can create custom rule policy by app?, I tried by process name and parent process but I still see alerts despite I created and add ignored action. so I want to know if I could apply this ignored action to every process comes from one app.
Good Day AnaisRomero,
I hope that this note finds you well. In your use case I think that scoping the runtime rule with either an encompassed custom rule defined or process definition to a collection that correlates to the app should be what you need. Collections are the primary scoping utility within the console and when you define the collection that the application is in you can then create the runtime rule with the scope correlated to this collection. You will probably need to check the sequence that the runtime rules are defined in executing so that the new rule is listed before any rule that would potentially execute with a larger scope. As a general guidance, in setting up runtime rules or any other console defined rules, you will be best to have the rules with a narrower scope higher up on the list than rules with a larger scope. Hopefully this helps. Please let me know if you need any additional information.
J. Avery King
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!