cancel
Showing results for 
Search instead for 
Did you mean: 

Number of standard correlation rules in ACE

HI,

Can any body tell me what is the correct number of rules in ACE.

I have one ACE where I have 322 rules and other have only 176 rules.

2 Replies

Re: Number of standard correlation rules in ACE

The current number of pre-built correlation rules is 178.  Your ACE with 322 rules must have a fairly large number of custom rules.  You can see which ones are custom, and which are from McAfee, bu applinig a filter in the Policy Editor.  Set "origin" to "standard" to see the pre-built McAfee rules.

Scott

Re: Number of standard correlation rules in ACE

Hi scott

Thanks for reply

We have two running systems

One is in production with 9.2.1. The ACE have 322 rules. Off course other then 178 rules are customized.

Now the problem is that

1- until i disable or delete them i can't roll out the polcies.

2- as the polices are not rolling out the correlation should not work but some how correlation is working.

3- actual problem is that events are parsing by these customized rules so what should we do

4- our SOC team want these rules in new system9.3.2

Now come to new system9.3.2

1- i can't roll out policies until i delete those customized rules. This ESM was previously resundant of production system.

2- why the new system is not supporting those custom rules.