With EventLog Analyzer's custom correlation rule builder, you can build attack patterns by combining predefined rules and specifying threshold limits.
Below are the steps to create an attack pattern with the correlation rule builder.
Click the Add New Rule link
Enter a name for the new rule
Add a description for the new rule
Search for and select a rule or category, or select one from the existing rules and categories
Add the correlation criteria: how many times the event occurs and within how much time
Click the Next button
Add a source user
Add a source host; alternatively, pick a host from the list
Add a destination host; alternatively, pick a host from the list
Click the Apply button to complete the new rule addition
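
The steps above define a threshold rule: a base rule or category, an occurrence count within a time window, and source user, source host and destination host filters. The Python below is an added example of how such a rule evaluates events; it is not EventLog Analyzer's code or rule format, and the Rule fields, event keys, host names and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Rule:  # hypothetical model of the fields entered in the rule builder
    name: str
    category: str                       # predefined rule or category selected
    threshold: int                      # how many times the event occurs...
    window: timedelta                   # ...within how much time
    source_user: Optional[str] = None   # None means "any"
    source_host: Optional[str] = None
    dest_host: Optional[str] = None

def matches(rule, ev):
    return (ev["category"] == rule.category
            and rule.source_user in (None, ev["user"])
            and rule.source_host in (None, ev["src"])
            and rule.dest_host in (None, ev["dst"]))

def correlate(rule, events):
    """Return one alert per (user, src, dst) burst that reaches the threshold inside the window."""
    recent, alerts = defaultdict(deque), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if not matches(rule, ev):
            continue
        key = (ev["user"], ev["src"], ev["dst"])
        q = recent[key]
        q.append(ev["time"])
        while ev["time"] - q[0] > rule.window:   # drop events older than the window
            q.popleft()
        if len(q) >= rule.threshold:
            alerts.append({"rule": rule.name, "key": key, "count": len(q), "first": q[0], "last": q[-1]})
            q.clear()                            # one alert per burst
    return alerts

# Constructed sample events (not real logs).
T0 = datetime(2024, 1, 1, 9, 0, 0)
def ev(sec, user, src, dst, category="logon_failure"):
    return {"time": T0 + timedelta(seconds=sec), "user": user, "src": src, "dst": dst, "category": category}
EVENTS = ([ev(s, "svc_backup", "ws-17", "dc01") for s in (0, 20, 40, 55, 70)]      # fast burst
          + [ev(s, "alice", "ws-09", "dc01") for s in (0, 200, 400, 600, 800)]     # too slow
          + [ev(s, "bob", "ws-22", "files01") for s in (0, 5, 10, 15, 20)]         # other destination
          + [ev(30, "svc_backup", "ws-17", "dc01", category="logon_success")])     # other category
RULE = Rule("Repeated logon failures", "logon_failure", threshold=5,
            window=timedelta(minutes=2), dest_host="dc01")

print(correlate(RULE, EVENTS))
```

Only the burst of five failures within two minutes against dc01 raises an alert; the slow failures, the other destination and the other category do not.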