Specify the native event that you want the rule to summarize by setting a simple filter for the CEG event normalization fields. These four fields, which are part of the event-specific class, are provided for all events expressed in the CEG, allowing you to identify an event.
You can specify the combination of event normalization fields you want using the Simple Filters tab. You can also use advanced filters for further detail in event identification. Specify at least one simple filter for a suppression rule.
To select a summarization rule event
Describes the broad class of technology involved in the event. For example, Firewall and Network Device are idea models.
Describes broad categories of events. For example, all account, user group, and role-related events are recorded under the "Identity Management" Event Category. Each Event Category has one or more classes (subcategories), so any choice changes the available selections in Event Class menu.
Provides a more detailed classification of events in a specific event category. For example, Identity Management events are divided into one of three classes: account, group, or identity. Each Event Class has one or more associated actions, so any choice changes the available selections in Event Action menu.
Describes common actions for each Event Category and Class. For example, Account Management, a class of the Identity Management category, contains account creation, deletion, and modification actions.
If you click Save and Close, the new rule appears in the list, otherwise the step you select appears.
|
Copyright © 2013 CA.
All rights reserved.
|
|