When exporting rules, consider the destination of the rules. You might export one set of rules for internal use and another to share with other members of the Carbon Black community.
The following are some points to keep in mind when exporting rules:
- Proprietary Information – It is possible that a rule can reveal information that you might prefer not to share outside your organization. Such information can include path or user names, or comments in the Description field of a rule. Note that you can choose not to export user and group specifications that are not well known SIDs.
- Environment Dependencies – For rules shared outside your environment, hard paths can limit the usefulness of a rule. Rules using macros might be more portable.
- On the console menu, navigate to the page.
- Select the tab for the type of rules (Custom, Registry, or Memory) you want to export.
All of the rules you want to export to one file must be showing on the current page. On dynamically scrolling pages such as the Custom rules page, if the current page is long enough that you must scroll the browser view to see rules at the bottom, you may select any rules that you can scroll to. To make it easier to see all of the rules you want to export at the same time, you can use filters, grouping, or a Saved View to change the page content.
- Check the box next to each rule you want to export and click the Export Rules button.
The Export Rules dialog appears. It shows the number of rules to be exported, provides a field in which to name the file, and includes other export options.
- Enter the file name (without extension) for the new export file.
This is the only mandatory field.
- Exported rules files are not readable as text, but to further protect the file, enter and confirm a password.
Be sure to have the password available for the users who imports the file.
- Check the Export SIDs box if all of the following is true.
- One or more of the rules you are exporting specify that they should be applied only for specific users or groups.
- These users or groups are not one of the well-known security identifiers (SIDs) on Windows systems.
- You are planning to import these rules to a server on which your non-well-known SIDs are present. This is more likely to be the case if you are transferring rules within the same organization.
- Optional. Enter a description that can help anyone importing rules from this file better understand what their purpose is.
- When you are ready to save the export file, click the Export button.
The dialog closes and the rules file is created using the standard download mechanism of the browser running the console.
For example, if you entered New Custom Rules in the Export File Name field, a file named New Custom Rules.rules might be written to the Downloads folder.
What to do next
Once you export the rules to a file, you can copy it to the host of another Carbon Black App Control Server or make it available via a network connection for import.