Version:

Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Unique count for event handler 6.4.2

This is an enhancement to the Generate Alert threshold section of the event handlers which provides additional criteria (Distinct field value) for triggering events.

To configure unique count in an event handler:
  1. When editing an event handler, there are two new options available in the Generate Alert When section:
    • Exact: The legacy function. An event is triggered when the set number of logs meet the general condition defined in the event log filter.
    • Distinct: An event is triggered when there are a set number of distinct values from the chosen log field, and the conditions of the general event log filter are met.
      In the example below, five distinct attacks within 30 minutes from the same endpoint will generate an event, allowing for strict criteria for an IPS event definition.
  2. Generated events with associated first and last logs from before the trigger event is recorded are consolidated into the same event to a maximum of 50 logs. For a full log list, use Search in Log View from the event context menu.

Unique count for event handler 6.4.2

This is an enhancement to the Generate Alert threshold section of the event handlers which provides additional criteria (Distinct field value) for triggering events.

To configure unique count in an event handler:
  1. When editing an event handler, there are two new options available in the Generate Alert When section:
    • Exact: The legacy function. An event is triggered when the set number of logs meet the general condition defined in the event log filter.
    • Distinct: An event is triggered when there are a set number of distinct values from the chosen log field, and the conditions of the general event log filter are met.
      In the example below, five distinct attacks within 30 minutes from the same endpoint will generate an event, allowing for strict criteria for an IPS event definition.
  2. Generated events with associated first and last logs from before the trigger event is recorded are consolidated into the same event to a maximum of 50 logs. For a full log list, use Search in Log View from the event context menu.