Reporting: IPDB Event Source Specification

Document created by RSA Information Design and Development on Jul 29, 2016
Version 1Show Document
  • View in full screen mode
 

You can specify IPDB event sources either using wildcards or by specifying the complete address of the event source. The following table lists the supported IPDB event source specifications.

                      
Event SourceDescription
*:*:*:*:*All domains, sites, nodes, Device Types (Event Source Types) and event source IP addresses. Security Analytics supports a single site wildcard for domain and site. 
domain:site:*:*:*All nodes, device types, and event source IP addresses for the specified site.
domain:site:node:*:*All device types and event source IP addresses for the specified node.
domain:site:node:devicetype:*All event source IP addresses for the specified domain, site, node, and device type.
domain:site:node:devicetype:event-source-address1,domain:site:node:devicetype:event-source-address2,...domain:site:node:devicetype:event-source-addressN.Comma-separated list of event sources.
You are here: Reporting Module References > Rule References > IPDB Event Source Specification

Attachments

    Outcomes