Juniper SECURITY THREAT RESPONSE MANAGER 2008.2 R2 - LOG MANAGEMENT REV 1 Manual page 45

In the Test Group drop-down list box, select the type of test you wish to apply to
a
this rule.
The resulting list of tests appear. For information on tests, see
Tests.
For each test you wish to add to the rule, select the + sign beside the test.
b
The selected test(s) appear in the Rule field.
For each test added to the Rule field that you wish to identify as an excluded
c
test, click and at the beginning of the test.
The and appears as and not.
For each test added to the Rule field, you must customize the variables of the
d
test. Click the underlined configurable parameter to configure. See
Tests.
Repeat for all tests you wish to apply to this rule.
e
In the enter rule name here field, enter a name you wish to assign to this rule.
Step 6
To export the configured tests as building blocks to use with other rules:
Step 7
Click Export as Building Block.
a
The Save Building Block window appears.
Enter the name you wish to assign to this building block.
b
Click Save.
c
To assign multi-event functions to the rule, select Functions from the Test Group
Step 8
drop-down list box and configure the function:
The functions include:
STRM Log Management Users Guide
Creating a Rule 39
Event Rule
Event Rule