Use the General tab of the Role
Alert Rules window to configure the details of role alert rules.
Roles are associated with data sources. Each identity coming into the system
from a data source is assigned a role, based on how the data source is configured.
Role alert rules define when to generate a role alert, based on a conflict
between the roles assigned to incoming identities and identities associated
with entities in the entity database.
- Role Alert Rule ID
  - The ID value is automatically populated with the next sequential number
    not in use.
- Description
  - Type a description for this role alert rule. This text displays in the
    Visualizer whenever a role alert is generated based on this role alert rule.
- Severity
  - A user-defined one-character code used to categorize the importance of
    alerts generated from this rule.
  - Match the severity of the role alert to its importance. This code displays
    with role alerts generated from this role alert rule in the Visualizer. Analysts
    use it to prioritize which alerts to review first, so the one-character code
    should be meaningful to Visualizer users. For example, a role alert rule that
    generates an alert whenever a passenger matches someone on a No Fly list might
    be more critical to review than a role alert rule designed to generate an
    alert whenever an employee knows a customer.
  - Examples of severity codes include the following: C for
    critical, N for neutral, I for interesting, H for
    high, or L for low.
- Role 1
  - From the drop-down list, select the first role for comparison in this
    role alert rule.
  - The role options that display are the existing, configured roles. If you
    do not see the role that you want to select, configure the role on the Roles tab
    first.
- Role 2
  - From the drop-down list, select the second role for comparison in this
    role alert rule.
  - The role options that display are the existing, configured roles. If you
    do not see the role that you want to select, configure the role on the Roles tab
    first.
- Alert Group
  - From the drop-down list, select the Visualizer analyzer group that will
    analyze the role alerts that are generated from this role alert rule. For
    example, you could direct all Passenger-No Fly List role alerts to a security
    desk, and all Employee-Vendor role alerts to human resources.
  - The group options that display are the active, configured Visualizer analyzer
    groups with the code type of ANALYZER_GROUP. If you do not
    see the group that you want to select, configure a new ANALYZER_GROUP code
    on the Setup - General - Codes tab first.
  - This is a required field, so even if your organization does not use the
    Visualizer, you must configure and select an alert group code.