How do you handle lists in rules

Hello everyone,

Imagine the following scenario: You have a bigger infrastructure and you have different systems in that environment. Let's say you have different rule approaches to several subsets of systems (identified by IP addresses). And you would like to manage these sets of systems in one place.

=> The problem for me currently is: Lists are not allowed in rules, which means that when I have multiple rules that target a specific subset of systems, I have to change each rule. Is it possible to centralize such system identifiers?

The current options that I figured out so far are the following:

  • Maybe use building blocks and check for triggers
  • Use the pipeline in order to tag systems

How do you do this for yourself?

1 Like

We are having similar issues. Lists should be reusable somehow. For example, a list of user names of developers who are triggering alerts on several rules.
