Creating a rule

Each rule can be enabled or disabled anytime. When a rule is enabled, the system will automatically onboard or send to quarantine matching accounts according to the given rule actions. The rules apply to just discovered accounts but not to the accounts that are already onboarded or sent to quarantine by the rules. In practice, it means that after a particular rule is changed, its actions will be applied to the accounts that were discovered after the changes are saved.


../../_images/en-discovery-rules.png

In order to create a rule, proceed as follows:


  1. Select Management > Discovery > Rules
  2. Click Add
  1. Enter rule’s name.
  2. Optionally, enter rule’s description.
  3. In Configuration section:

5.1. Select Account category (privileged, non-privileged or all).

5.2. In the Account name field select consists, starts with or ends with and provide a specific string for the target account name(s).

5.3. Define Actions:

5.3.1. Send to quarantine or

5.3.2. Onboard by adding the discovered accounts to the Safe and/or Listener. Please note that listeners with bastion mode are supported only.

../../_images/en-discovery-new-rule.png
  1. Click Save.

Related topics: