
To create a rule using the wizard:

1 In the Custom Rules tab, click Create New Rule with Wizard. The Rule Creation wizard is displayed.
2 In the Name field, enter a name for the rule. It is recommended that the name selected clearly reflect the nature of the rule (for example, Sensitive HR tables or PCI-DSS password protection). Click Next. The Rule Trigger page of the wizard is displayed.
3 In the If fields, define the first rule comparator statement as follows:
   - Identifier from the dropdown list.
   - dropdown list.
   - a string, the text must be enclosed in single quotation marks.
   - Add. The comparator statement appears in the textbox.
4 If the rule is to include more than one comparator statement, enter the relevant Boolean operator (AND, OR, or NOT) in the fourth field and then define the next comparator statement. Repeat for additional comparator statements as required.
5 Click Next. The Rule Action page of the wizard is displayed.
6 In the Then area, select the action(s) to be taken when a statement matches the rule.
7 To send an alert if the rule is matched, select Send Alert to and select the relevant alert options:
   - Send alert to Console and then select the alert priority from the dropdown list (Low, Medium or High).
   - SNMP Trap. (If SNMP is not enabled in the System SNMP properties, this option is disabled.)
   - ng Twitter if the rule is matched, select Twitter. (If Twitter is not enabled in the System properties, this option is disabled.)
   - Syslog. (If SysLog is not enabled in the System Syslog properties, this option is disabled.)
   - Windows event log. (If Windows event log is not enabled in the System properties, this option is disabled.)
   - ct Log to file. (If Log to file is not enabled in the System properties, this option is disabled.)
   - To send the alert to an email address, select Send alert to email and configure the receiving mail address(es). The email server settings must be configured in the System screen in order to route e-mail alerts correctly.
   - location), select Archive. This option is suitable for auditing information that does not need to be monitored on a day-to-day basis.
8 To terminate a session if the rule is matched, select Terminate.
9 To enable the VPN-1/FireWall-1 to block the connection, select Create VPN-1 SAM rule and configure the following parameters:
10 To allow the statement to be processed if the rule is matched, select Allow. (This enables you to create an exception to a rule that appears later in the policy.)
11 To stop the matching process if a rule is matched, select Stop Verifying Additional Rules. This is the default setting when the Rule Action is set to Allow. If this option is not selected, the matching process will continue to search for a match.
12 (Optional) Expand the Advanced section to configure the advanced parameters:
   - Limit alerts per second: Set the maximum number of alerts that can be generated per second or Unlimited (the default value).
   - Limit alerts per session: Set the maximum number of alerts that can be generated per session or Unlimited (the default value).
   - Mask Sensitive Data and enter a regular expression in the Regular Expressions text box using standard regular expression syntax.
   - box, enter a value to be masked and click Test.
   - Apply action when rule triggers. Then, in the adjacent fields, specify the minimum number of alerts within the number of seconds, minutes or hours, required to trigger the actions. When this option is configured, a single alert is generated for multiple instances of the same rule violation.
13 To select the DBMSs to which the rule is to be applied, click Install On. The Install on DBMSs and DBMS Groups page is displayed.
14 Select one or more relevant DBMSs and/or DBMS Groups, and click Save to return to the rule definition page. The selected DBMSs and DBMS Groups are listed in the DBMSs and DBMS Groups fields respectively.
15 To assign a tag to the rule, enter the tag name in the Tags field or enter a space in the field to select the tag from the dropdown list.
16 By default, all users can edit the properties of a custom rule. To limit the ability to edit the properties of this rule to specific users or users assigned to a specific role, enter the user names or role names in the Role Restriction field.
17 Click Next. The Rule Comment page of the wizard is displayed.
18 In the Comments field, enter a free text description/comment. It is recommended that you indicate the reason for creating the rule.
19 Click Next. The Enable Rule page of the wizard is displayed.
20 To enable the rule, select Enable Rule.
   Note: You can enable/disable the rule at any time by selecting/clearing the Enable Rule checkbox.
21 Click Finish to save the rule. The rule is validated and saved.
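
The rule ordering described in steps 10 to 12, as an added example that is not part of the original guide and is not the product's code: a small Python model of top-down matching with an Allow exception, Stop Verifying Additional Rules, and the alert threshold. The rule names, statement fields, sample values and the reset of the count after an alert are assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass
from typing import Callable

@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]  # stands in for the comparator statements (step 3)
    actions: tuple                   # actions selected in steps 6-10
    stop: bool = False               # "Stop Verifying Additional Rules" (step 11)

def evaluate(policy, stmt):
    """Walk the rules top-down and return the (rule, action) pairs that fire."""
    fired = []
    for rule in policy:
        if rule.matches(stmt):
            fired.extend((rule.name, action) for action in rule.actions)
            if rule.stop:            # matching ends here; later rules are not checked
                break
    return fired

def aggregate(match_times, min_alerts, window_s):
    """Step 12 threshold: raise one alert once min_alerts matches fall in window_s.
    Assumption: the count starts over after the alert is raised."""
    recent, raised = deque(), []
    for t in match_times:
        recent.append(t)
        while t - recent[0] > window_s:
            recent.popleft()
        if len(recent) >= min_alerts:
            raised.append(t)
            recent.clear()
    return raised

# Constructed policy: an Allow exception for a batch account, then a broad HR rule.
def is_hr(stmt):
    return stmt["table"].startswith("HR.")
exception = Rule("Payroll batch exception",
                 lambda s: is_hr(s) and s["user"] == "PAYROLL_BATCH", ("allow",), stop=True)
hr_alert = Rule("Sensitive HR tables", is_hr, ("alert:High", "terminate"))
# Constructed statements, reduced to the fields the comparators look at.
batch = {"user": "PAYROLL_BATCH", "table": "HR.SALARIES"}
adhoc = {"user": "JSMITH", "table": "HR.SALARIES"}

if __name__ == "__main__":
    print(evaluate([exception, hr_alert], batch))  # exception first: only "allow" fires
    print(evaluate([exception, hr_alert], adhoc))  # no exception: alert and terminate
    print(evaluate([hr_alert, exception], batch))  # exception too late: alert fires first
    print(aggregate([0, 1, 2, 30, 31, 32, 33], min_alerts=3, window_s=10))  # one per burst
```

An Allow exception only protects a session when it sits above the rule it is meant to override; placed below, the broader rule's actions have already fired by the time the exception is reached.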
