Add a trigger
To verify that events are being captured, create a catch-all rule to log the security events.
- Select Logs > Security Incidents > Triggers.
- Click Add or select an existing security trigger and click Modify.
- Click in the Name field and enter a name for this security trigger.
- Use the table below to enter the security trigger information.
- Click OK to save your security rule trigger.
Settings

| Field | Definition |
|---|---|
| Name | A name for this security trigger. |
| Time Limit | The amount of time within which the incoming events must occur before satisfying the trigger. |
| Filter Match | Select whether any size subset of the security filters must be matched in order to satisfy the trigger. |
| Not currently in use/In use by | Indicates whether the trigger is in use, and the number of rules currently associated with the trigger. |
| Security filters | |
| Frequency | The number of times the security event must occur from the vendor in order to satisfy the trigger. |
| Vendor | The name of the vendor that is sending the security event. |
| Type | Specifies the type of security event. |
| Sub Type | Specifies the subtype of security event. |
| Threat ID | A unique identifying code supplied by the vendor for the specific type of threat or event that occurred. |
| Description | A textual description supplied by the security appliance of the event. |
| Severity | The range within which the threat level must be defined in order to satisfy the trigger. |
| Number of Custom Fields | The number of custom fields that were added to the filter. |
| Add | Click to add a filter. |
| Modify | Click to modify a selected filter. |
| Delete | Click to delete a selected filter. |
| Not currently in use/In use by | Indicates whether the action is in use, and the number of rules currently associated with the action. |
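
To see how Time Limit, Filter Match, Frequency and Severity interact, the following added example (not the product's own code) models a trigger in Python and compares a catch-all trigger with a narrower one over the same events. It assumes a sliding time window, that an unset filter field matches any value, and that Filter Match is an all-or-any choice; the vendor names, the 0-10 severity scale and the sample events are constructed.

```python
from collections import deque
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class SecurityFilter:
    vendor: Optional[str] = None      # None = match any value (assumed wildcard)
    type: Optional[str] = None
    sub_type: Optional[str] = None
    severity: Tuple[int, int] = (0, 10)   # inclusive range, constructed 0-10 scale
    frequency: int = 1                # matching events needed within Time Limit

    def matches(self, ev: dict) -> bool:
        lo, hi = self.severity
        return (self.vendor in (None, ev["vendor"])
                and self.type in (None, ev["type"])
                and self.sub_type in (None, ev["sub_type"])
                and lo <= ev["severity"] <= hi)

class Trigger:
    def __init__(self, name, time_limit, filters, match_all=True):
        self.name, self.time_limit = name, time_limit
        self.filters, self.match_all = filters, match_all
        self.hits = [deque() for _ in filters]   # matching timestamps per filter

    def feed(self, ev: dict) -> bool:
        """Record one event; return True if the trigger is satisfied at ev['ts']."""
        met = []
        for f, q in zip(self.filters, self.hits):
            if f.matches(ev):
                q.append(ev["ts"])
            while q and ev["ts"] - q[0] > self.time_limit:   # outside Time Limit
                q.popleft()
            met.append(len(q) >= f.frequency)
        return all(met) if self.match_all else any(met)

def fired_at(trigger, events):
    return [ev["ts"] for ev in events if trigger.feed(ev)]

def ev(ts, vendor, type_, sub_type, severity):
    return dict(ts=ts, vendor=vendor, type=type_, sub_type=sub_type, severity=severity)

# Constructed sample events (ts in seconds); not real appliance output.
EVENTS = [ev(0, "VendorA", "THREAT", "virus", 7), ev(20, "VendorB", "TRAFFIC", "deny", 2),
          ev(50, "VendorA", "THREAT", "virus", 8), ev(400, "VendorA", "THREAT", "spyware", 9),
          ev(430, "VendorA", "THREAT", "virus", 3)]

catch_all = Trigger("Catch All", 60, [SecurityFilter()])   # one filter, every field open
repeated = Trigger("Repeated threat", 60,
                   [SecurityFilter("VendorA", "THREAT", severity=(5, 10), frequency=2)])
```

Calling `fired_at(catch_all, EVENTS)` fires on every event, which is why a catch-all trigger is useful for confirming that events arrive at all; `fired_at(repeated, EVENTS)` fires only when a second qualifying event lands inside the window.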