A statement is a logical grouping of rule criteria in the Rule Builder. You add statements to define what a rule detects.
The following graphic shows an example of a Rule Builder statement.
To build a statement, you must know the meta key and the value for it.
For a complete list of meta keys, go to Alerts > Configure > Settings > Meta Key References.
To build a rule statement:
1. In the Security Analytics menu, select Alerts > Configure.
   The Rules tab is displayed by default.
2. In the Rule Library, click > Rule Builder or edit an existing Rule Builder rule.
   The Rule Builder view is displayed.
3. In the Conditions section, click .
   The Build Statement dialog is displayed.
4. Name the statement. Be clear and specific. The statement name will appear in the Rule Builder.
5. From the drop-down list, select which circumstances the rule requires:
   - if all conditions are met
   - if one of these conditions are met
6. Specify the criteria for the statement:
   - Type the name of the Meta Key.
   - For Evaluation Type, specify the relationship between the meta key and the value you will provide for it.
     The choices are: is, is not, contains, not contains, begins with, ends with.
   - Type the Value for the meta key.
     Do not add quotes around a value. Separate multiple values with a comma.
   - The Is Value An Array field indicates whether the contents of the Value field represent one or more than one value:
     - Yes indicates more than one value.
     - No indicates one value.
8. To save the statement, click Save.