Highlighted
Frequent Contributor.
Frequent Contributor.
284 views

How to create a sequential rule

Hello All,

Has anyone worked on creating sequential rules. For example; I have 3 individual rules (1. DDoS Attack, 2. Website goes down, 3. Website down after DDoS Attack).

Rule 1: Looks for DDoS Attack.
Rule 2: Looks for Website status change.

Rule 3: Website status down after DDoS Attack. This rule should trigger after Rule 1 & Rule 2 trigger in sequential order.

--
Thanks and Regards,
Siddarth T

0 Likes
1 Reply
Highlighted
Regular Contributor.. Regular Contributor..
Regular Contributor..

Re: How to create a sequential rule

First You have to thik of, if there is anything in events, that connect these scenarious.

Probably close time frame of events will be one thing, but also it will be nice that events share also more things for example IP adresses in this case. You can solve this problem in various ways I would prefere Active list, as short term storage for events (outcome of rules), because You can use longer time frame for corellation....

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.