Anonymous_User Absent Member.

Sentinel 7.0.1 Correlation rule message/severity


Hello,

I try to create a correlation rule and I would like to personalize the
message and the severity.

Actually, when a correlation rule matches, the message is one of the event
messages and the severity is always equal to 4.

Is it possible to change the default values?

Regards


--
chris54
------------------------------------------------------------------------
chris54's Profile: https://forums.netiq.com/member.php?userid=1915
View this thread: https://forums.netiq.com/showthread.php?t=44977


Re: Sentinel 7.0.1 Correlation rule message/severity

Hi Chris,

>>> On 17.10.2012 at 18:14, chris54<chris54@no-mx.forums.netiq.com> wrote:


> Hello,
>
> I try to create a correlation rule and I would like to personalize the
> message and the severity.
>
> Actually, when a correlation rule matches, the message is one of the event
> messages and the severity is always equal to 4.
>
> Is it possible to change the default values?


You need to add a "generate custom correlation event" action in Action
Manager and attach that to your correlation rule.

Norbert

Re: Sentinel 7.0.1 Correlation rule message/severity


Norbert Klasen;216308 Wrote:
> Hi Chris,
>
> >>> On 17.10.2012 at 18:14, chris54<chris54@no-mx.forums.netiq.com> wrote:
>
> > Hello,
> >
> > I try to create a correlation rule and I would like to personalize the
> > message and the severity.
> >
> > Actually, when a correlation rule matches, the message is one of the event
> > messages and the severity is always equal to 4.
> >
> > Is it possible to change the default values?
>
> You need to add a "generate custom correlation event" action in Action
> Manager and attach that to your correlation rule.
>
> Norbert


OK, thanks.

Do you have a sample of "Generate custom correlation event" action,
that can help me to save time?


--
chris54

Re: Sentinel 7.0.1 Correlation rule message/severity

Hi Chris,

>>> On 18.10.2012 at 17:14, chris54<chris54@no-mx.forums.netiq.com> wrote:


> Norbert Klasen;216308 Wrote:
>> Hi Chris,
>>
>> >>> On 17.10.2012 at 18:14, chris54<chris54@no-mx.forums.netiq.com> wrote:
>>
>> > Hello,
>> >
>> > I try to create a correlation rule and I would like to personalize the
>> > message and the severity.
>> >
>> > Actually, when a correlation rule matches, the message is one of the event
>> > messages and the severity is always equal to 4.
>> >
>> > Is it possible to change the default values?
>>
>> You need to add a "generate custom correlation event" action in Action
>> Manager and attach that to your correlation rule.
>>
>> Norbert
>
> OK, thanks.
>
> Do you have a sample of "Generate custom correlation event" action,
> that can help me to save time?


Just go to Control Center - Configuration - Action Manager - Add - Select
"Configure Correlated Event" as Action and set the parameters as needed.

Norbert