User guide
iGuard/inSight User Guide
Release 7.0.0.4
97
Note: Rule state is especially significant because you cannot run more than 256 active rules.
To activate a 257th rule, you must deactivate an active rule.
View Rules
All rules are components of policies. To view individual rules:
1. Go to the Policies tab.
2. Click on a policy to open it.
3. Scroll down (if necessary) to view its list of rules.
4. To see what is in a rule, click on the rule name.
The Edit Rule window launches, showing the original search conditions set up for the rule.
Create a Rule
You must first find out if you have permission to create rules. Administrative users can create any
type of rule, and they can assign those privileges to any user group.
When you create a new rule, you customize it to your operation so you can get only the information
you need from captured data. You can either add the rule to an existing standard (ERM) policy, or
you can create a custom policy and add the rule to it.
Before you decide whether you are creating rules from scratch or as part of a standard policy, you
should understand the inheritance model.
Best Practice: You can do several iterations of the rule before you finalize it so that you can
tune it to extract the same kind of significant data whenever it is run.
For example, suppose you want to create a rule that will catch all transmissions to and from an
unfriendly country.
1. Go to Capture > Basic Search or Capture > Advanced Search.
2. In the search box, enter the names of the countries you want to find.
You can either type them in or use the "?" to launch a list.