Table of Contents
Advertisement
To make an existing element persistent, select the check box next to the element name in the
Dynamic Properties window.
6 Select Transient elements life span, then specify the time the persistent values are active in the
list
7 Specify the maximum number of elements. The number defined here limits the number of
elements in the list.
8 Click OK.
Select a filter type from Quick Filter drop-down list and specify the name of the element, to
filter the available elements.
4.4.2 Modifying a Dynamic List
1 Click Correlation on the menu bar and select Dynamic Lists. Alternatively, you can click the
Dynamic Lists button on the toolbar.
2 Select a dynamic list and click the View/Edit link.
3 The Dynamic List Properties window displays. Edit the options as required and click OK.
4.4.3 Deleting a Dynamic List
WARNING: Do not delete a dynamic list that is part of a correlation rule or rules.
1 Click Correlation on the menu bar and select Dynamic Lists. Alternatively, you can click the
Dynamic Lists button on the toolbar.
2 Select a dynamic list and click the Delete link next to it. A confirmation message alert
displays.
3 Click Yes to delete the list.
4.4.4 Removing Dynamic List Elements
There are several ways an element can be removed from a dynamic list:
A user can remove it manually
The element can be removed by a Correlation rule action
The transient element life span can expire
If the maximum number of elements for a dynamic list is reached, elements are removed from
the list to keep the list at or below the maximum list size. The transient elements are removed
(from oldest to newest) before any persistent elements are removed.
4.4.5 Using a Dynamic List in a Correlation Rule
Dynamic lists can be referenced in a Correlation rule by using the Custom/Freeform option of the
Correlation Rule Wizard. For example:
filter(e.<tagname> inlist <Dynamic List Name>)
100 Sentinel 6.1 Rapid Deployment User Guide
Advertisement
Table of Contents
