How to Configure a Rule

This section contains a step by step walkthrough of the process for creating a rule.

1. Visit the Rules App by clicking the Rules Icon in the left rail of the Falkonry AI Cloud.

1. You will be taken to the Rules App main page. Click the New Rule button in the upper right corner of the screen to begin creating a new rule.

1. You will be prompted to give your new rule a name. Note: at this time it is not possible to edit the names of rules in the future. You may also give the rule a description which may be useful to help users understand what a rule is for, or what steps should be taken when the rule is triggered. Click the Create button to create the rule. You will be taken to the Rule Configuration tab.

4. The Rule Configuration tab has three sections.

a. The left side of the tab has all the settings for configuring your new rule.

b. The upper right section of the tab displays the input signals for your new rule and helps you understand when your rule will be triggered. Each input signal chart displays:

i. a line representing the signal data for the rule Statistic used in the rule criteria. You may use the Signal Appearance menu to switch the chart view to the standard 'five lines' view. ii. a threshold line indicating the value of the rule condition. These will update if the value of the rule condition is changed.

c. The lower right section of the tab displays reference signals which can be used to help guide rule configuration and interpretation. The rule criteria will not be applied on these signals.

1. To begin configuring your rule, select signals for the rule by clicking the Signal Selector icon on the Input Signals widget.

a. Select the signal source for your rule. This selection will automatically limit the search results to the selected signal source. At this time, a rule can only be created using one signal source.

i. All - these are all the available signals in the Falkonry AI Cloud. ii. User Provided - these are the signals sent from your systems to the Falkonry AI Cloud. User provided signals can be numeric or categorical. iii. Insights - these are the output signals from Falkonry Insights. Note: when this is selected, the search will display the name of signals being monitored by Falkonry Insights. The system will automatically identify the associated Falkonry Insights output signal. Insights signals are numeric. iv. Patterns - these are the output signals from Falkonry Patterns models. This includes Explanation Scores, Predictions, and Confidences. Explanation Scores and Confidences are numeric. Prediction signals are categorical. v. Rules - these are the output signals from Falkonry Rules. This includes both rule outputs and alert outputs. Use the rule name to search for rule outputs. Rules output signals are categorical.

b. Select the value type to further refine the signal search, numeric or categorical. Note that a rule can only be created on one value type at this time. c. Select one or more signals using the signal search dialog box and click apply.

1. Optionally, you may add signals to the reference signals section by clicking the signal selector icon to assist in the rule creation process. Up to 50 signals of any type may be added to the reference section.

7. Select criteria for the rule.

a. Numeric Signals:

i. Select a statistic for the rule condition. Depending on the duration of the evaluation window, the rule is calculated with aggregations of signal data rather than raw values. ii. Select a condition type. iii. Enter a value for the condition. Note: you may enter any number.

b. Categorical signals:

i. Select a condition

a. Choose "is" if only one label is relevant. b. Choose "is one of" if the rule should be triggered by more than one condition.

ii. In the Value field, enter a label. This field is case sensitive, so make sure the label you enter exactly matches the label of the signal. Use commas to separate labels when entering more than one label. Do not include a space between labels. Note: if two or more signals share a label in your rule, you only need to enter that label once.

1. Select an evaluation window length by selecting a unit of time, and entering a value. The evaluation window will determine the length of time used to assess your rule. To learn more about evaluation windows, please visit the glossary section of this article.
2. Select a density setting for your rule. The density setting will determine the percentage of the evaluation window for which the rule condition must be satisfied to trigger the rule. To learn more about the density setting, visit the glossary section of this article.
3. If your rule has more than one input signal, select a coverage setting for your rule. The coverage setting will determine the percentage of the rule input signals for which the condition and density must be satisfied to trigger the rule. To learn more about the coverage setting, visit the glossary section of this article.

11. Select an alerting cadence for this rule. An alert is a secondary output to a rule which is created based on your selected cadence, rather than every time the rule assessment is True. This can be useful for notifying relevant team members with reduced noise. To learn more about alerts, visit the glossary section of this article [insert link to glossary]

a. Never - this rule will never create an alert. b. Once per day, at most - If it has been at least 24 hours since the most recent alert, the next time the rule assessment is True, an alert will be created. c. Once per hour, at most - If it has been at least one hour since the most alert, the next time the rule assessment is True, an alert will be created. d. Every time - An alert will be created every time the rule assessment is True.

1. At this point your rule is ready, you may activate the rule by selecting Start Monitoring in the Monitoring Action Menu in the upper right corner of the screen. Optionally, you may add a comment to help track modifications to the rule over time. You can see the status of the 'start monitoring' flow in the Activities page, or see outputs from your rule on the Rule Dashboard.