Setup Rules and Labels

Overview

In this article we will show you how to setup various rules while creating the appropriate labels to identify findings within your action center. This will hep proactive notification of potential risks by setting up filters and associated rules within BalkanID. Rules are "and" / "or" rules to ensure that coverage, across your integrated systems, is accurately captured.

Creating a Rule

1. To add an rule, you must first create filters that help define the entities you wish to create the "and" / "or" rules for. To start, create and save a filter from the Configure Group -> Users -> Filters page.

2. Once Filters have been saved, click on the Rules Tab within the Rules and Playbooks Page and select Create Rule as shown below:

3. In the Setup Rule side panel, type in the name of the rule and select the filters that apply to this rule. Additionally, select if this is an "AND" or an "OR" rule. Once that is complete, save the rule so you can start getting notified on identities that violate this rule.

4. You may select from a pre-defined set of labels. This will help the action center user understand not just what rule has been violated, but also what risk the finding poses.