2 Replies Latest reply on Mar 24, 2016 12:01 PM by yassinezeroual

    What is Data Source - Auto Learned rules?

    bmanilov

      Hi All,

      Could you please help me figure out what auto-learned rules are designed for? And when exactly are they created?

        • 1. Re: What is Data Source - Auto Learned rules?
          rlourenco

          Hi

          So I may stand to be corrected, but I believe they get created when you have a data source created and its parser gets activated. So, for example, if you have McAfee Web Gateway and it detects a virus, it will send the SIEM this event, probably using syslog. As soon as the SIEM parses it for the first time for that data source, it will create the auto-learned rule. But it will only create an auto-learned rule if a parser exists and an event that triggers that parser is received.

          • 2. Re: What is Data Source - Auto Learned rules?
            yassinezeroual

            Data Source Rules on the Policy Editor are Auto Learned by the Receiver as it processes the information sent to it by data sources that are associated with the Receiver.

            All the rules under Data Source Rules are auto learned, and you can delete them.