Configure Correlated Event - Novell SENTINEL 6.1 SP2 - 02-2010 User Manual

If no Action is specifically selected when deploying a correlation rule, a correlated event with the
following default settings is created:
Default Settings
Table 3-3
Field Name
Severity
Event Name
Message
Resource
SubResource

3.6.1 Configure Correlated Event

Configure Correlated Event
Figure 3-2
NOTE: This type of action can only be used in Correlation deployments.
To override the default values for the correlated event created when a rule fires, an action can be
created to populate the following fields in the correlated event:
Severity

Event Name

Message

Resource

SubResource

Default Values
4
Final Event Name
<message>
Correlation
<Rule Name>
Correlation Tab 87