Proteggiamo il tuo ambiente digitale da qualsiasi attacco informatico. Sfrutta tutte le potenzialità della piattaforma SGBox!

Gallery

Contatti

Via Melchiorre Gioia, 168 - 20125 Milano

info@sgbox.it

+39 02 60830172

Linkedin Facebook-f Twitter

Search another article?

Created On
Print
You are here:
< Back

The correlation rules

A correlation rule is used to alert the admin when an event, or a series of events, occur in a specified time range.
In order to create a new simple rule you have to:

Requirements:

  • A mail server must be configured. Look Configure a Mail server section to see how to configure a mail server.
  • Pattern must belong to specific class.

Using the SGBox web interface: SGBOX > LCE > Rules
Create a correlation rule

Clink on New RuleCreate a correlation rule

On the left section,tab Ranges, find the interested time range and drag it in correct section on the right.Create a correlation rule

The same for Events tab.Create a correlation rule

The next step is configure the Action. Search it on Actions tab and drag it on the correct section. We choose Send Email.
It’s important also define a Timeout. Timeout is the maximum time ( in seconds ) between of the first and the last occurrence of the event. If there are only one event we can set timeout to “1”.Create a correlation rule

Click on Save to finish the wizard.
Give a name, description, and click on Active flag to enable it.

Tags: