Source Defaults for Detection Rules
Detection rules let you raise alerts, fire notifications or tag activities.
Detection rules can be applied to data coming from any detection source across all products included in the Information and Cloud Security platform.
Source Defaults let you assign a detection rule to activity event sources. Endpoint Agent Source is selected by default. By selecting additional sources, you can use detection rules across activities provided by other products in the Information and Cloud Security suite.
This feature is in early access only. Contact your Proofpoint Account Representative or the Support Team for more information.
For example, if you want a rule to apply to all Endpoint activity, you select Endpoint Agent Source. In that case, the rule is applied to all Endpoint Agents across all Realms. Only activity from the selected source (Endpoint Agent Source) will trigger the rules.
Currently, Source Defaults are available for Detection rules only.
Assigning a Source Default to a New Rule
You assign the source default when you add or modify a rule.
- From the Proofpoint Information and Cloud Security Platform, select the Administration app. Select Policies > Rules.
- Click New Rule, and then in the Detection Rule area, select Create Rule.
- In the General tab, complete the Name field and the optional Description field.
- Click Save.
Modifying Source Defaults for a Rule
- From Rules (Administration > Policies > Rules), click the rule you want.
- The details area displays. You can do either of the following: