How is a subpattern for a rule defined?
Rule Subpattern Definition: In FortiSIEM, a subpattern within a rule is used to define specific conditions and criteria that must be met for the rule to trigger an incident or alert.
Components of a Subpattern: The subpattern includes the following elements:
Filters: Criteria to filter the events that the rule will evaluate.
Aggregation: Conditions that define how events should be aggregated or grouped for analysis.
Time Window Definitions: Specifies the time frame over which the events will be evaluated to determine if the rule conditions are met.
Together, these components allow the system to efficiently and accurately detect patterns of interest within the event data.
References: FortiSIEM 6.3 User Guide, Rules and Patterns section, which explains the structure and configuration of rule subpatterns, including the use of filters, aggregation, and time window definitions.