How is a subpattern for a rule defined?
Rule Subpattern Definition: In FortiSIEM, a subpattern within a rule is used to define specific conditions and criteria that must be met for the rule to trigger an incident or alert.
Components of a Subpattern: The subpattern includes the following elements:
Filters: Criteria to filter the events that the rule will evaluate.
Aggregation: Conditions that define how events should be aggregated or grouped for analysis.
Time Window Definitions: Specifies the time frame over which the events will be evaluated to determine if the rule conditions are met.
Together, these components allow the system to efficiently and accurately detect patterns of interest within the event data.
References: FortiSIEM 6.3 User Guide, Rules and Patterns section, which explains the structure and configuration of rule subpatterns, including the use of filters, aggregation, and time window definitions.