Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Unable to generate rules on CSA MC and the "Rules for abc.xyz have complexity xxxx which exceeds the maximum of 7500" error message appears
The Rules for abc.xyz have complexity xxxx which exceeds the maximum of 7500 error message occurs because of the complexity check. Complexity is a check on the number of literals and number of distinct rules applied to a particular host. A literal is anything defined in a fileset.
For example, foo.exe is 1 literal and foo.exe, foo2.exe are two literals. In order to reduce the literals and thus generate rules successfully, you need to wildcard and generalize when possible. So foo*.exe changes the literals to 1 from 2, for example, from foo.exe and foo2.exe. The maximum literals is 7500.
The purpose is to prevent end systems slowness due to excessive processing time spent in every rule engine transaction.
In order to resolve this issue, reduce your rule set slightly and examine for duplicates.
An easy way to examine the duplicates is to choose Configuration > Policies. Scroll down to your policy and click the policy. On the next screen, scroll past the modules and onto the section called Combined Policy Rules. In this section, you see headers such as ID, Type, Status, Action, Log, and so forth. Click directly on the Type heading. This sorts the rules by type.