Event Sequence
Event Sequence finds event patterns in traffic by following if all events in the defined set of Situations match in a specific order within the defined time period.
| Field | Option (if any) | Explanation |
|---|---|---|
| Entry to/Exit from (columns) | Event Match | Filter for selecting data for the sequencing. |
| Binding | Log field that the Correlation Situation traces to find a sequence. | |
| Correlated Situations | Situations from which you want to find sequences. | |
| Keep and Forward Events | Yes | Makes the Correlation Situation examine the events and trigger the response defined in the Inspection Policy but does not actually group the matching events into one. All individual events are still available for further inspection, even though they have already triggered a response. |
| No | Makes the Correlation Situation group the matching events together. Only the response defined in the Inspection Policy is triggered, and no further processing is done on the individual events. | |
| Time Window Size | The period of time within which the Situation must occur for them to be reagarded as a sequence. |