Reporting: IPDB Event Source Specification

Document created by RSA Information Design and Development Employee on Jun 26, 2017
Version 1Show Document
  • View in full screen mode

This topic describes the IPDB event sources that you can specify. You can specify IPDB event sources either using wildcards or by specifying the complete address of the event source. The following table lists the supported IPDB event source specifications.

Event SourceDescription
*:*:*:*:*All domains, sites, nodes, Device Types (Event Source Types) and event source IP addresses. Security Analytics supports a single site wildcard for domain and site. 
domain:site:*:*:*All nodes, device types, and event source IP addresses for the specified site.
domain:site:node:*:*All device types and event source IP addresses for the specified node.
domain:site:node:devicetype:*All event source IP addresses for the specified domain, site, node, and device type.
domain:site:node:devicetype:event-source-address1,domain:site:node:devicetype:event-source-address2,...domain:site:node:devicetype:event-source-addressN.Comma-separated list of event sources.
Previous Topic:Rule View
You are here
Table of Contents > Reporting Module References > Rule References > IPDB Event Source Specification