Event Group
Event Group finds event patterns in traffic by checking whether all events in the defined set of Situations match at least once, in any order, within the defined time period.
Field | Option (if any) | Explanation |
---|---|---|
Member (column) | Event Match | Filter for grouping. |
Member (column) | Needed Number | How many occurrences of the Event selected for this Member are required for them to be included in the grouping. |
Member (column) | Binding | Log field used for the grouping. |
Correlated Situations | | Situations you want to group. |
Keep and Forward Events | Yes | Makes the Correlation Situation examine the events and trigger the response defined in the Inspection Policy but does not actually group the matching events into one. All individual events are still available for further inspection, even though they have already triggered a response. |
Keep and Forward Events | No | Makes the Correlation Situation group the matching events together. Only the response defined in the Inspection Policy is triggered, and no further processing is done on the individual events. |
Time Window Size | | The period of time within which the Situations must occur for them to be grouped. |
Continuous Responses | Yes | Makes the Engine or Log Server respond as defined in the Inspection Policy to each occurrence of the defined event within the selected Time Window. |
Continuous Responses | No | Makes the Engine or Log Server respond only to the first occurrence of the defined event within the selected Time Window. |
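
A small Python model of the matching logic in the table above, added here as an illustration; it is not the product's implementation. The Situation names, the `src` binding field and the sample events are constructed, and treating Continuous Responses = No as "suppress repeat responses for one Time Window after the first" is an assumption.

```python
from collections import defaultdict, deque

def event_group(events, members, binding, window, continuous=False):
    """Return (time, binding_value) for each response the group would trigger.

    members : {situation_name: needed_number}   (Member / Needed Number)
    binding : log field the grouped events must share   (Binding)
    window  : Time Window Size in seconds
    """
    recent = defaultdict(deque)   # binding value -> member events inside the window
    last_response = {}            # binding value -> time of the last response
    responses = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["situation"] not in members:
            continue              # not one of the Correlated Situations
        key = ev[binding]
        q = recent[key]
        q.append(ev)
        while ev["time"] - q[0]["time"] > window:
            q.popleft()           # expire events that fell out of the window
        counts = defaultdict(int)
        for e in q:
            counts[e["situation"]] += 1
        # Every member must reach its needed number; arrival order is irrelevant.
        if all(counts[s] >= n for s, n in members.items()):
            prev = last_response.get(key)
            if continuous or prev is None or ev["time"] - prev > window:
                responses.append((ev["time"], key))
                last_response[key] = ev["time"]
    return responses

# Constructed sample data: hypothetical Situation names, documentation addresses.
MEMBERS = {"Port_Scan": 1, "Login_Failed": 2}
EVENTS = [
    {"time": 0,   "situation": "Port_Scan",    "src": "192.0.2.5"},
    {"time": 5,   "situation": "Login_Failed", "src": "192.0.2.5"},
    {"time": 8,   "situation": "Login_Failed", "src": "192.0.2.9"},
    {"time": 12,  "situation": "Login_Failed", "src": "192.0.2.5"},  # group complete
    {"time": 20,  "situation": "Login_Failed", "src": "192.0.2.5"},  # repeat in window
    {"time": 200, "situation": "Port_Scan",    "src": "192.0.2.9"},  # earlier event expired
]

if __name__ == "__main__":
    print("Continuous Responses = No :", event_group(EVENTS, MEMBERS, "src", 60))
    print("Continuous Responses = Yes:", event_group(EVENTS, MEMBERS, "src", 60, True))
```

Only `192.0.2.5` completes the group; `192.0.2.9` never does because its events are further apart than the Time Window, which is the case to check when a correlation rule stays silent.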