Rules management in multitenant deployments
In a multitenant environment, you must customize rules to make them tenant-aware. Tenant-aware rules use the "when the domain is one of the following" rule test, and the domain modifier determines the scope of the rule.
The following table shows how you can use the domain modifier to change the scope of rules in a multitenant deployment.
Rule scope | Description | Rule test example |
---|---|---|
Single domain rules | These rules include only 1 domain modifier. | and when the domain is one of the following: manufacturing |
Single tenant rules | These rules include all the domains that are assigned to the tenant. Use single tenant rules to correlate events across multiple domains within a single tenant. | and when the domain is one of the following: manufacturing, finance, legal |
Generic rules | These rules use the Any domain modifier and run across all tenants. | and when the domain is one of the following: Any domain |
By being domain-aware, the custom rules engine (CRE) automatically isolates event correlations from different tenants by using their respective domains. For more information about working with rules in a domain-segmented network, see Domain segmentation.
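The scopes in the table can be checked mechanically when you review a tenant's rule set. The following Python sketch is an added example, not product code: the tenant-to-domain map, the rule names, and the dictionary layout are constructed sample data, and it assumes each domain is assigned to exactly one tenant. The labels "not tenant-aware", "unknown domain", "crosses tenants" and "partial tenant" are review flags introduced here for rules that match none of the three scopes in the table.

```python
# Added example: classify each rule's scope from the domains in its domain test.
# Tenant, domain and rule names are constructed sample data (hypothetical layout).
ANY_DOMAIN = "Any domain"

TENANT_DOMAINS = {
    "tenant_a": {"manufacturing", "finance", "legal"},
    "tenant_b": {"retail"},
}

# rule name -> domains listed in "when the domain is one of the following"
RULES = {
    "Excessive login failures": ["manufacturing"],
    "Lateral movement": ["manufacturing", "finance", "legal"],
    "Known bad IP": [ANY_DOMAIN],
    "Data exfiltration": ["finance", "retail"],
    "Finance and legal only": ["finance", "legal"],
    "Legacy rule": [],
}


def classify_scope(rule_domains, tenant_domains):
    """Return the table's scope name, or a review flag if none applies."""
    domains = set(rule_domains)
    if not domains:
        return "not tenant-aware"      # rule has no domain test at all
    if ANY_DOMAIN in domains:
        return "generic"               # runs across all tenants
    known = set().union(*tenant_domains.values())
    if domains - known:
        return "unknown domain"        # domain not assigned to any tenant
    if len(domains) == 1:
        return "single domain"
    owners = [t for t, assigned in tenant_domains.items() if domains & assigned]
    if len(owners) > 1:
        return "crosses tenants"       # correlates events of different tenants
    if domains == tenant_domains[owners[0]]:
        return "single tenant"         # all domains assigned to one tenant
    return "partial tenant"            # several, but not all, of one tenant


def audit(rules, tenant_domains):
    """Map every rule name to its classified scope."""
    return {name: classify_scope(d, tenant_domains) for name, d in rules.items()}


if __name__ == "__main__":
    for name, scope in audit(RULES, TENANT_DOMAINS).items():
        print(f"{scope:18} {name}")
```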