Exporting Rules

Exporting rules is done by selecting the rules you wish to export and providing the location for the export file.

The export of System Rules that are included in the ITM On-Prem (ObserveIT) Insider Threat Library (ITL) is managed by ObserveIT. The exported ZIP file is distinguished from the standard export zip file by its name. For details, see Importing System Rules from the Insider Threat Library.

The export of rules is done from the Manage Alert & Prevent Rules page in the ITM On-Prem Web Console. You can navigate to this page via Configuration > Alerts > Alert & Prevent Rules.

The Alert & Prevent Rules page displays a list of currently configured rules. For details about the information displayed for each rule, see Viewing Rules.

To export rules

1. In the list of configured rules, select the individual rules or categories (with rules) that you want to export, and click the Export hyperlink from the More Actions drop-down list. Categories that don't have rules cannot be selected.

   

   The Dependencies and List Exporting Method window opens. For example:

   

2. To protect privacy, Private lists cannot be exported with their Items. The lower part of the window displays the names of all the Public lists of Users and General types that were selected for export. For each List, you can select Yes or No to choose whether or not to include the List's Items in the exported file. The default for Users lists is No, the default for General lists is Yes.

   Upon successful export of the rules, a ZIP file is automatically created and identified by the current date and time in the format: Alert Rules - YYYY-MM-DD--HH-MM.zip. The exported ZIP file will include all the rules' properties including their Categories and associated Lists.

3. Save the file to a location on your computer from where you can import the rules.

For details on how to import the exported file, see Importing Rules.