USM Anywhere follows a specific order for applying orchestration rules
- Filtering Rules. These rules are essential to control the traffic of your eventsAny traffic or data exchange detected by AlienVault products through a Sensor, or through external devices such as a firewall.. USM Anywhere does not process nor save events that match a filtering rule.
- Suppression Rules. USM Anywhere saves the events that match a suppression rule, but does not correlate these suppressed events. By default, USM Anywhere hides these suppressed events. If you want to see these events, click Suppressed in the Search & Filters area. The suppressed events will be displayed in the table along with all events.
If you want to display just the suppressed events, see To only display the suppressed events.
- Notification, Alarm, and Response Action Rules. USM Anywhere processes and correlates all events that match one of these rules.
The following diagram summarizes the workflow of orchestration rules