New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Vice Admiral
Vice Admiral

Extract certain data from an Active List


I have a question about the use of Active List.

So, for example,I have an active List with 3 fields

Source Address, Destination Address, Action


...    FTP Transfer   Virus Fouund  Server Rebooted



In the active list there can be more data with the same Source Address and different values of Destination Address and Action.

Now, I would like to do a rule that every time is fired, can extract all the raw from the Active List with the same Source Address that fired the rule and send by e-mail    FTP Transfer  Server Rebooted

Is it possible to do that?

Any suggestions are welcome.


Luca Gabrielli

Labels (1)
2 Replies
Ensign Ensign

Use Local Variable


And add the local variables fields all in the aggregation in identical section


Vice Admiral
Vice Admiral

Hi, thank for your answer.

I would like to ask you how to use the variable in the rule.


I have created a local variable "cattivo"  associated to the attacker address.

create variable.png

In the aggregation,(identical section) I have added only the local variable "cattivo"


In the action tab, no action are enabled.

Now, what I don't understand, is where are located the information (all raws) from the Active List with the same Attacker

Address that fired the rule.

Whatching the correlator, I can't see any event about it.

Can you help me?

Thank in advance.

Luca Gabrielli

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.