Table of Contents
Advertisement
Where,
represents a meta tag in the incoming event, such as
e.<tagname>
Name) or
(Destination IP address)
e.dip
<Dynamic List Name> is the name of an existing Dynamic List, such as CriticalServerList
The following instructions assume that a dynamic list already exists.
To add a dynamic list to correlation rule:
1 Open the Correlation Rule Manager window and select a folder from the drop-down list to
which this rule is added.
2 Click the Add button located on the top left corner of the screen. The Correlation Rule window
displays. Select Custom/Freeform Rule.
3 In the Custom/Freeform Rule window, write the condition for the rule, including the name of
the dynamic list. For example,
dynamic list name.
4 Click Validate to test the validity of the rule.
5 After validation of the rule, click Next. The Update Criteria window displays.
6 Update the criteria for the rule to fire and click Next.
7 Provide a name for this rule. You have an option to modify the rule folder.
8 Provide a rule description and click Next.
9 You have an option to create another rule from this wizard. Select your option and click Next.
NOTE: Users must have the permission to Start/Stop the Correlation engine to perform these
actions.
The two states of Correlation engine are:
States of the Correlation Engine
Table 4-3
States
Enable
Disable
When the Correlation engine is enabled, it processes active Correlation rules. When it is in a
disabled state, all in-memory data is preserved and no new Correlation events are generated.
Disabling the Correlation engine does not affect other parts of the Sentinel system.
Correlation rules are stored in the Sentinel database. When you activate the Correlation engine in the
Sentinel Control Center, it requests the deployment information and rules from the database.
Changes to a rule are not reflected in the Correlation engine until one of the following things
happens:
The rule is undeployed, edited, and redeployed.
The rule is freshly deployed
filter(e.sev inlist Severity)
Icons
(Source Host
e.shn
where Severity is the
Correlation Tab 101
Advertisement
Table of Contents
Related Manuals for Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009
Related Products for Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009
- NOVELL SENTINEL 6.1 SP1 HOTFIX 2 - READ ME 9-2009
- NOVELL SENTINEL 6.1.1.0 - README
- NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - 06-15-2009
- NOVELL NETWARE 6-DOCUMENTATION
- NOVELL ZENWORKS PATCH MANAGEMENT 6.3 - S
- NOVELL ZENWORKS PATCH MANAGEMENT 6.4 - S
- NOVELL ZENWORKS PATCH MANAGEMENT 6.4 - AGENT
- Novell NETWARE 6
- Novell SENTINEL 6.1 SP2
- NOVELL SENTINEL RAPID DEPLOYMENT 6.1 - INSTALLATION GUIDE 12-2009
- NOVELL ZENWORKS PATCH MANAGEMENT 6.4 SP2 - SERVER
- Novell 3.6 05-2008
- Novell Access Manager 3.1 SP 1
- Novell Access Manager 3.1 SP 2
- NOVELL ACCESS MANAGER 3.1 SP1 - AGENT GUIDE
- NOVELL ACCESS MANAGER 3.1 SP1 - IDENTITY SERVER