Orchestration rules are processed in the order they appear on the Orchestrate page. For example, a rule with priority 1 is processed first and then the rule with priority 2, etc. You can determine when to stop processing rules in the orchestration rule pipeline. For example, assume that you have configured the following rules:

• Rule A (priority 1): Delete an event if the attacker's IP address is 192.0.2.3.
• Rule B (priority 2): Send an email notification with the event details to specific users.

If you don’t want to send this event in an email to the users, you can stop processing any subsequent rules after processing Rule A.

To stop processing more rules: