You can create a filter-based event routing rule and then assign one or more configured actions that are executed to handle or output the events that meet the event routing rule criteria.
From Change Guardian main, click Routing in the toolbar.
Click Create, then use the following information to create a new event routing rule:
Name: Specify a unique name for the event routing rule.
Criteria: Select a saved criteria to use in creating event routing rule. This criteria determines which events are stored in the event store.
Select tag: (Optional) Select a tag for tagging the filter. The tag makes the filter more specific.
Route to the following services: Select where the information is routed. The options are:
All: Routes the event to all services including Correlation, Security Intelligence, and Anomaly Detection.
Event store only: Routes the event to the event store only.
None (drop): Drops or ignores the events.
Perform the following actions: Select an action to be performed on every event that meets the filter criteria.
Select the email configuration that you already created using Policy Editor. For more information see, Configuring Email Servers to Change Guardian and Creating and Configuring Notification Groups
The actions listed here are different than the actions displayed in the Event Actions tab in the Change Guardian Main interface, and are distinguished by the <EventRouting> attribute in the package.xml file created by the developer.
Click Save to save the event routing rule.
The newly created event routing rule appears at the end of the rules list under the Event Routing Rules tab. By default, this new event routing rule is active.