Values and groups of values in rules
For many policy rule criteria, you can specify a single value or a group of values. It is also possible to simultaneously specify both a single value and a group of values.
Be aware that a group member may contain wildcard (%) characters, so each member of a group may match multiple actual values.
- Negative rules: use the != or Not in group operators to create a negative rule, for example to match when the value is not the specified Application user or not any member of the selected group. It is also possible to exclude both single values and a group of values. For example, define two negative Application user rule criteria, one using != for a specific user and another using Not in group to exclude members of a selected group.
- Empty value: enter the special value guardium://empty to test for an empty value in the traffic. This is allowed only in the following fields: Application event text, Application user, Database name, Database user, Event type, Event user name, Operating system user, and Source application.
- Define a new group to be tested: select the In group or Not in group operator and click the icon to define a new group.
- Match any value: select the = operator and leave the value field blank.
- Match a specific value: select the = operator and enter the value to match in the text field.
- Match any member of a group: select the In group operator, then select the group from the list of groups. If the minimum count is greater than one, there will be a single counter, and it will be incremented each time any member of the group is matched.
- Match an individual value or any member of a group: define two rule criteria, one using the = operator to match a specific value and another using In group to match members of a selected group. If the minimum count is greater than one, there will be a single counter, and it will be incremented each time the individual value or any member of the group is matched.
- If the minimum count is greater than one, count each individual value separately: select the = operator and enter a period (.) in the value field. Note that the period option cannot be used for the Service name or Network protocol criteria.
- If the minimum count is greater than one, count each member of a group separately: select the In group operator and select a group from the list.
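The following Python sketch is an added illustration, not product code. It models how wildcard group members, the guardium://empty value, and the two counting modes interact when the minimum count is greater than one. The function names, the sample group and the sample events are hypothetical, and two behaviors are assumptions: % is treated as matching any run of characters, and separate counters are keyed by the group member that matched.

```python
import re
from collections import Counter

EMPTY = "guardium://empty"  # special value from the page: tests for an empty field

def member_matches(member, value):
    """True if one group member (or single value) matches an observed value."""
    if member == EMPTY:
        return value == ""
    # Assumption: % stands for any run of characters, as in SQL LIKE.
    pattern = ".*".join(re.escape(part) for part in member.split("%"))
    return re.fullmatch(pattern, value) is not None

def matched_member(group, value):
    """Return the first group member that matches value, or None."""
    return next((m for m in group if member_matches(m, value)), None)

def in_group(group, value, negate=False):
    """In group (negate=False) or Not in group (negate=True)."""
    return (matched_member(group, value) is not None) != negate

def counters_reached(events, group, min_count, separate=False):
    """Return the counter keys that reached min_count.

    separate=False: one shared counter for the whole group.
    separate=True: one counter per group member (assumption: keyed by the
    member that matched, so a wildcard member aggregates its values).
    """
    counts = Counter()
    for value in events:
        member = matched_member(group, value)
        if member is not None:
            counts[member if separate else "<group>"] += 1
    return sorted(k for k, n in counts.items() if n >= min_count)

# Constructed sample: database user seen on six events ("" = empty in the traffic).
EVENTS = ["app_admin", "svc_backup", "app_ops", "", "jsmith", "svc_backup"]
DB_USERS = ["app_%", "svc_backup"]  # hypothetical group with one wildcard member

if __name__ == "__main__":
    print(counters_reached(EVENTS, DB_USERS, 3))                 # shared counter
    print(counters_reached(EVENTS, DB_USERS, 3, separate=True))  # per member
```

With a shared counter, four matching events from three different users reach a minimum count of 3, while separate counters do not, because no single member was matched more than twice.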