Other Resources

    Creating Custom Correlation Rules with Correlation Rule Builder


    With EventLog Analyzer's custom correlation rule builder, you can build attack patterns by combining the predefined rules and specifying threshold limits.

    Below are the steps to create attack patterns with the correlation rule builder.

    Click the Add New Rule link

    1. Enter a name for the new rule

    2. Add a description for the new rule

    3. Search for and select a rule, or select one from the existing rules or categories

    4. Add a correlation criterion: how many times the event must occur within how much time

    5. Click the Next button

    6. Add a source user

    7. Add a source host, or pick a host from the list

    8. Add a destination host, or pick a host from the list

    9. Click the Apply button to finish adding the new rule
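
What a rule built with these steps expresses, as an added example that is not EventLog Analyzer's own code: a base rule, a count-within-time threshold, and optional source user, source host and destination host scoping. The field names, the "Logon Failure" rule name, the sliding-window evaluation and the re-arm after an alert are assumptions made for illustration; the sample events are constructed.

```python
from collections import deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass(frozen=True)
class Event:                      # normalized log event (field names are assumptions)
    time: datetime
    rule: str                     # predefined rule/category the event matched
    src_user: str
    src_host: str
    dst_host: str

@dataclass
class CorrelationRule:
    name: str
    base_rule: str                    # step 3: existing rule or category
    threshold: int                    # step 4: how many times ...
    window: timedelta                 # step 4: ... within how much time
    src_user: Optional[str] = None    # step 6 (None = any user)
    src_host: Optional[str] = None    # step 7
    dst_host: Optional[str] = None    # step 8

    def matches(self, e: Event) -> bool:
        return (e.rule == self.base_rule and self.src_user in (None, e.src_user)
                and self.src_host in (None, e.src_host)
                and self.dst_host in (None, e.dst_host))

def correlate(rule, events):
    """Return the times at which the threshold was reached inside the window."""
    recent, alerts = deque(), []
    for e in sorted(events, key=lambda ev: ev.time):
        if not rule.matches(e):
            continue
        recent.append(e.time)
        while e.time - recent[0] > rule.window:   # drop hits older than the window
            recent.popleft()
        if len(recent) >= rule.threshold:
            alerts.append(e.time)
            recent.clear()                        # re-arm: one alert per burst
    return alerts

T0 = datetime(2024, 1, 1, 9, 0, 0)    # constructed sample data, offsets in seconds
def ev(sec, user="jdoe", src="ws-17", dst="dc-01"):
    return Event(T0 + timedelta(seconds=sec), "Logon Failure", user, src, dst)
SAMPLE = [ev(0), ev(20), ev(25, user="asmith"), ev(40), ev(50, dst="fs-02"),
          ev(55), ev(58), ev(400), ev(900)]
RULE = CorrelationRule("Repeated logon failures", "Logon Failure", 5,
                       timedelta(minutes=1), "jdoe", "ws-17", "dc-01")
```

With the scoping from steps 6 to 8 in place, `correlate(RULE, SAMPLE)` alerts once, on the fifth matching failure at 58 seconds; without the scoping the same threshold trips earlier, at 50 seconds, because events from other users and hosts count toward it.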