Adding a Watch List to a Rule
- Go to Analytics > Rules.
- Select the rule you want to add the watch list to, and then click Edit.
- Next to Watch Lists, click Edit.
- Select the watch list you want to add, and use the Add >> button to add it to the rule.
- For Incident Attribute, select the incident information you want to add to the watch list.
Watch List Attribute Type Must Match Incident Attribute
The Type that you set for the watch list must match the Incident Attribute Types for the rule. For example, if your watch list Type is IP, and the Incident Attribute Type for the rule is string, you will not be able to associate the watch list to the rule.
- Click OK.
Next to Watch Lists, you will see Watch List has been defined.