UAM provides both wizard-driven rule creation and the ability to create custom rules not covered by the wizard.
Use the wizard if you want to monitor one or more of the following:
Rules that trigger when a certain process terminates.
Rules that trigger when a log file decreases in size.
Rules that trigger when certain commands are run by root.
Rules that trigger when certain commands are run by users other than root.
Rules that trigger when certain files are changed or created.
Rules that trigger when anything in the system changes. For example: Login, logout, auditing.
To start the wizard, click Edit Rule Set in Rules Management screen, then click Wizard > Rule Wizard, and continue with the configuration as prompted.