Novell SENTINEL RAPID DEPLOYMENT 6.1 - 12-2009 User Manual page 93

11 Provide a rule description and click Next.
12 You have an option to create another rule from this wizard. Select your option and click Next.
Sequence
A sequence rule consists of two or more subrules that must be triggered in a specific order
within the defined time frame. Sequence rules have an optional group by field, which can be any
populated field from the events.
NOTE: When a subrule is used to create a sequence rule, a copy of the subrule is added to the
sequence rule's definition. Because a copy is added, changes to the original subrule do not affect the
sequence rule.
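The semantics described above (ordered subrules, a time frame, an optional group by field, and subrules copied into the rule) can be modeled as follows. This is an added illustration, not Sentinel code or RuleLg syntax; the class names, the field names "ts", "user" and "event", and the sample events are assumptions constructed for the example.

```python
import copy

# Simplified subrule: matches when every listed field equals the given value.
class Subrule:
    def __init__(self, name, match):
        self.name, self.match = name, match
    def matches(self, event):
        return all(event.get(k) == v for k, v in self.match.items())

class SequenceRule:
    def __init__(self, subrules, window_seconds, group_by=None):
        # Store copies, as the NOTE describes: later edits to the originals are ignored.
        self.subrules = copy.deepcopy(subrules)
        self.window, self.group_by = window_seconds, group_by
        self.state = {}  # group key -> (index of next expected subrule, start time)

    def feed(self, event):
        """Consume one event (in time order); return True when the sequence completes."""
        key = event.get(self.group_by) if self.group_by else None
        if self.group_by and key is None:
            return False  # group by field not populated in this event
        step, start = self.state.get(key, (0, None))
        if step and event["ts"] - start > self.window:
            step, start = 0, None  # time frame expired: start over
        if self.subrules[step].matches(event):
            start = event["ts"] if step == 0 else start
            step += 1
        if step == len(self.subrules):
            self.state.pop(key, None)
            return True
        self.state[key] = (step, start)
        return False

# Return (timestamp, group key) for every event that completes the sequence.
def run(rule, events):
    return [(e["ts"], e.get(rule.group_by)) for e in events if rule.feed(e)]

# Constructed sample events; field names are hypothetical.
EVENTS = [
    {"ts": 0,   "user": "alice", "event": "login_failed"},
    {"ts": 10,  "user": "bob",   "event": "login_ok"},      # wrong order for bob
    {"ts": 30,  "user": "alice", "event": "login_ok"},      # completes alice's sequence
    {"ts": 40,  "user": "bob",   "event": "login_failed"},
    {"ts": 100, "user": "carol", "event": "login_failed"},
    {"ts": 200, "user": "carol", "event": "login_ok"},      # outside the 60 s time frame
]
failed = Subrule("failed", {"event": "login_failed"})
ok = Subrule("ok", {"event": "login_ok"})
rule = SequenceRule([failed, ok], window_seconds=60, group_by="user")
failed.match["event"] = "changed_later"  # edit to the original; the rule keeps its copy
ALERTS = run(rule, EVENTS)
```

Without a group by field, the same events correlate across users: alice's failed login followed by bob's successful login completes the sequence, which is the kind of false match the group by field prevents.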
To create a sequence rule:
1 Open the Correlation Rule Manager window and, from the Folder drop-down list, select the
folder to which this rule is to be added.
2 Click the Add button located on the top left corner of the screen. The Correlation Rule window
displays. Select Sequence Rule.
3 In the Sequence Rule window, click the Add Rule button to select a subrule for the
sequence rule. The Add Rule window displays.
4 Select a rule and click OK.
5 Set parameters for the rule to fire. To group event tags according to the attributes, click
Add/Edit. The Attribute List window displays.
6 Select the attribute you want. You can preview the rule in the RuleLg preview box.
7 Click Next. The Update Criteria window displays.
8 Update criteria for the rule to fire and click Next.
9 Provide a name for this rule. You have an option to modify the rule folder.