This topic describes the Advanced EPL Rule tab that you use to define rule criteria with an Event Processing Language (EPL) query.
To access the Advanced EPL Rule tab:
In the Security Analytics menu, select Alerts > Configure.
The Configure view is displayed with the Rules tab open by default.
The Advanced EPL Rule tab is displayed.
Below is a screenshot of the Advanced EPL Rule tab.
The following table lists the parameters in the Advanced EPL Rule tab.
In the Notifications section, you can choose how to be notified when ESA generates an alert for the rule.
For more information about alert notifications, see Add Notification Method to a Rule.
The following figure shows the Notifications section.
In the Enrichments section, you can add a data enrichment source to a rule.
For more information about enrichments, see Add an Enrichment to a Rule.