Complete the following steps to activate the rule set delivered with the latest version of UAM on your Agent computers. These rules that you configure perform event detection and alerting to send events that are filtered based on rules deployed to Sentinel.
To deploy rule sets to Agent computers:
Start the UAM.
Click Rules Manager.
Make any changes you want to make to the default rule set displayed in the Rule Manager, customize the rule set as needed until the rule set is correctly configured for your environment.
After you made changes to the rule set, save a copy by clicking File > Save/Save All and close the Save window.
In the Available Hosts list, select the Agent computers on which you want to deploy the rule set.
Click File > To Select Hosts.
Click Select to deploy the rule set. It might take up to 30 seconds for the new rule set to take effect.
Click Hosts > Scan All Hosts.
Verify that the rule set is active on the Agent computers. The Sentinel column shows green cells for all agents with an active rule set.