2 Replies Latest reply on May 8, 2014 4:04 PM by rashid47010

    Number of standard correlation rules in ACE

    rashid47010

      HI,

       

      Can any body tell me what is the correct number of rules in ACE.

       

      I have one ACE where I have 322 rules and other have only 176 rules.

        • 1. Re: Number of standard correlation rules in ACE
          Scott Taschler

          The current number of pre-built correlation rules is 178.  Your ACE with 322 rules must have a fairly large number of custom rules.  You can see which ones are custom, and which are from McAfee, bu applinig a filter in the Policy Editor.  Set "origin" to "standard" to see the pre-built McAfee rules.

           

          Scott

          • 2. Re: Number of standard correlation rules in ACE
            rashid47010

            Hi scott

            Thanks for reply

            We have two running systems

            One is in production with 9.2.1. The ACE have 322 rules. Off course other then 178 rules are customized.

            Now the problem is that

            1- until i disable or delete them i can't roll out the polcies.

            2- as the polices are not rolling out the correlation should not work but some how correlation is working.

            3- actual problem is that events are parsing by these customized rules so what should we do

            4- our SOC team want these rules in new system9.3.2

             

            Now come to new system9.3.2

            1- i can't roll out policies until i delete those customized rules. This ESM was previously resundant of production system.

            2- why the new system is not supporting those custom rules.