The Create Event Source Group form is displayed when you are creating or editing an Event Source Group.
Procedures related to this form are described in Create Event Source Groups and Edit or Delete Event Source Groups.
The Create Event Source Group form has several fields and rules.
|Group Name||This field is required, and appears throughout the Security Analytics UI as the identifier for the group.|
|Description||An optional description of the purpose or details of the group.|
The following items are available on the toolbar:
Adding a new group creates nested levels of conditions.
|Conditions||Described below, in the Rule Criteria table.|
|Cancel / Save||Cancel and Save buttons are available in the form.|
The rules that you specify determine the event sources that will become part of this event source group. A rule consists of the following:
- Grouping: how the rule interacts with other rules
- Attribute: which attribute the rule is matching against
- Operator: how the rule matches the attribute
- Value: the attribute value used for the rule
The following table provides details on these rule components.
You can group conditions to create complex rules for an event source group. The following choices are available when grouping your rules:
If you are creating a simple group, and specifying a single condition, you can leave the default value (All of these) selected.
This contains a drop-down list, consisting of all event source attributes. The attributes are displayed by the section to which they belong. For example, all of the Identification attributes are displayed first, followed by the Properties, Importance, and so on.
Choose from the following options:
Enter a value or group of values. The value type depends on the attribute for the condition. For example, for IPv6, you need to specify a value in IPv6 format.
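The following added example (not part of the product or its documentation) models how nested rule groups decide which event sources join a group, including the IPv6 value-format requirement. The attribute names, the `any` grouping, the `equals`/`not_equals` operator names, and the inventory are assumptions constructed for illustration; only "All of these" comes from this page.

```python
import ipaddress

# Constructed inventory; attribute names are illustrative, not the product's list.
EVENT_SOURCES = [
    {"name": "fw-edge-01", "type": "firewall", "priority": "high", "ipv6": "2001:db8::10"},
    {"name": "fw-lab-02", "type": "firewall", "priority": "low", "ipv6": "2001:db8:1::20"},
    {"name": "dc-01", "type": "windows", "priority": "high", "ipv6": "2001:db8::30"},
]

def normalize(attribute, value):
    """Parse a value by attribute type; an IPv6 attribute requires IPv6 format."""
    if attribute == "ipv6":
        return ipaddress.IPv6Address(value)  # ValueError if not IPv6
    return value

def validate(node):
    """Reject empty groups, unknown choices, and values that do not fit the attribute."""
    if "conditions" in node:
        if node["grouping"] not in ("all", "any") or not node["conditions"]:
            raise ValueError("unknown grouping or empty group")
        for child in node["conditions"]:
            validate(child)
    elif node["operator"] not in ("equals", "not_equals"):
        raise ValueError("unknown operator")
    else:
        normalize(node["attribute"], node["value"])

def matches(source, node):
    """Evaluate a nested group or one rule. "any" and the operator names are assumed."""
    if "conditions" in node:
        results = [matches(source, child) for child in node["conditions"]]
        return all(results) if node["grouping"] == "all" else any(results)
    attr = node["attribute"]
    if attr not in source:
        return False
    equal = normalize(attr, source[attr]) == normalize(attr, node["value"])
    return equal if node["operator"] == "equals" else not equal

def members(group, sources=EVENT_SOURCES):
    validate(group)
    return [s["name"] for s in sources if matches(s, group)]

# "all" models the page's "All of these"; the nested "any" group is an assumption.
GROUP = {"grouping": "all", "conditions": [
    {"attribute": "type", "operator": "equals", "value": "firewall"},
    {"grouping": "any", "conditions": [
        {"attribute": "priority", "operator": "equals", "value": "high"},
        {"attribute": "ipv6", "operator": "equals", "value": "2001:0db8:0001:0000:0000:0000:0000:0020"},
    ]},
]}
```

Comparing parsed addresses rather than strings lets the fully expanded IPv6 value match the compressed form stored for `fw-lab-02`, and rejecting empty groups avoids a rule set that silently matches every event source.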