Novell SENTINEL 6.1 SP2 - 02-2010 User Manual page 75

To create a sequence rule:
1 Open the Correlation Rules Manager window and, from the Folder drop-down list, select the folder to which this rule is added.
2 Click the Add button located in the top left corner of the screen. The Correlation Rule window displays. Select Sequence Rule.
3 In the Sequence Rule window, you can select a sub-rule to create a sequence rule. To select a sub-rule, click the Add Rule button. The Add Rule window displays.
4 Select a rule and click OK.
5 Set parameters for the rule to fire. To group event tags according to the attributes, click Add/Edit. The Attribute List window displays.
6 Check the attributes you require. You can preview the rule in the RuleLG preview box. Click Next. The Update Criteria window displays.
7 Update the criteria for the rule to fire and click Next.
8 Provide a name for this rule. You have the option to modify the rule folder.
9 Provide a rule description and click Next.
10 You have the option to create another rule from this wizard. Select your option and click Next.

Custom or Freeform Correlation Rules
The custom or freeform rule option is the most powerful option for creating a correlation rule. This allows the user to create any of the previous types of rules by typing the RuleLG correlation rule language directly into the Correlation Rule Wizard.
Freeform rules are the only way to include certain functionality in a correlation rule. Freeform rules give you the ability to do the following:
Nest operations using parentheses (to specify order of operations)
Use the inlist operator to refer to a dynamic list
This manual is also suitable for:

Sentinel 6.1 sp2
