How to create a sequential rule
Has anyone worked on creating sequential rules? For example, I have 3 individual rules (1. DDoS Attack, 2. Website goes down, 3. Website down after DDoS Attack).
Rule 1: Looks for DDoS Attack.
Rule 2: Looks for Website status change.
Rule 3: Website status down after DDoS Attack. This rule should trigger after Rule 1 & Rule 2 trigger in sequential order.
Thanks and Regards,
Re: How to create a sequential rule
First you have to think about whether there is anything in the events that connects these scenarios.
Probably a close time frame of events will be one thing, but it will also be nice if the events share more things, for example IP addresses in this case. You can solve this problem in various ways. I would prefer an Active list as short-term storage for events (outcome of rules), because you can use a longer time frame for correlation...
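The active-list approach from the reply above, modelled in Python as an added example (it is not from the thread and is not the SIEM's own rule syntax): Rule 1 writes the attacked IP into a TTL-bound list, and Rule 3 fires only when a Rule 2 event for the same IP arrives afterwards while that entry is still live. The event names, the `target_ip` field, the 30-minute TTL and the sample events are assumptions.

```python
from dataclasses import dataclass

@dataclass
class Event:
    ts: int          # epoch seconds
    name: str        # "ddos_detected" (Rule 1 outcome) or "site_down" (Rule 2 outcome)
    target_ip: str   # assumed field shared by both rule outcomes

class ActiveList:
    """Short-term keyed store with a per-entry TTL (hypothetical model of an active list)."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.entries = {}            # key -> timestamp of the most recent add

    def add(self, key, ts):
        self.entries[key] = ts       # re-adding refreshes the entry

    def lookup(self, key, now):
        ts = self.entries.get(key)
        if ts is not None and now - ts > self.ttl:
            del self.entries[key]    # expired: behave as if never seen
            return None
        return ts

def correlate(events, ttl=1800):
    """Rule 3: site_down that follows ddos_detected on the same IP within ttl seconds."""
    ddos_seen = ActiveList(ttl)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):   # process in time order
        if ev.name == "ddos_detected":              # Rule 1 fired: remember the target
            ddos_seen.add(ev.target_ip, ev.ts)
        elif ev.name == "site_down":                # Rule 2 fired: check the list
            ddos_ts = ddos_seen.lookup(ev.target_ip, ev.ts)
            if ddos_ts is not None and ddos_ts < ev.ts:
                alerts.append((ev.target_ip, ddos_ts, ev.ts))
    return alerts

# Constructed sample events (documentation IP ranges), deliberately out of order.
SAMPLE = [
    Event(1300, "site_down", "203.0.113.10"),      # after DDoS, same IP, in TTL: alert
    Event(1000, "ddos_detected", "203.0.113.10"),
    Event(1400, "site_down", "198.51.100.7"),      # no DDoS seen for this IP
    Event(2000, "site_down", "192.0.2.5"),         # down BEFORE the DDoS: wrong order
    Event(2100, "ddos_detected", "192.0.2.5"),
    Event(9000, "site_down", "203.0.113.10"),      # DDoS entry has expired
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE):
        print(alert)
```
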