Table of Contents
Advertisement
Filter Wizard displaying labels in drop-down and free-form language
Figure 1-2
The representation of fields in the free-form RuleLG language is usually prefaced by "e." for
example, "e.InitUserName" or "e.sun" can refer to the Initiator User Name for the incoming or
current event. In special cases, "w." may be used to refer to a field in a past event (for example,
"w.InitUserName"). For more information about the RuleLG language, see
Chapter 3, "Sentinel 6.1
Rapid Deployment Correlation Engine RuleLG Language," on page
37.
1.1.2 Actions
Users can use either the tag or the label when they define parameters to be sent to right-click Event
Menu actions, correlation actions, and iTRAC workflow actions.
To pass a field value to an action, you may use a checklist that shows the labels or type the parameter
name directly into the configuration.
Sentinel 6.1 Rapid Deployment Event Fields
13
Advertisement
Table of Contents
