Reporting: IPDB Event Source Specification

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1Show Document
  • View in full screen mode
 

This topic describes the IPDB event sources that you can specify. You can specify IPDB event sources either using wildcards or by specifying the complete address of the event source. The following table lists the supported IPDB event source specifications.

                             
Event SourceDescription
*:*:*:*:*All domains, sites, nodes, Device Types (Event Source Types) and event source IP addresses. Security Analytics supports a single site wildcard for domain and site. 
domain:site:*:*:*All nodes, device types, and event source IP addresses for the specified site.
domain:site:node:*:*All device types and event source IP addresses for the specified node.
domain:site:node:devicetype:*All event source IP addresses for the specified domain, site, node, and device type.
domain:site:node:devicetype:event-source-address1,domain:site:node:devicetype:event-source-address2,...domain:site:node:devicetype:event-source-addressN.Comma-separated list of event sources.
You are here: Reporting Module References > Rule References > IPDB Event Source Specification

Attachments

    Outcomes