Skip to content

event filter

Jump to bottom Edit New page
Anonymous edited this page Nov 26, 2013 · 2 revisions

The engine filter permits to users to choose which events have to be processed by Canopsis.

Filter description

The engine applies filters which are composed of a priority, an action and a rule.

  • The priority designates the filter application priority order.
  • The action is DROP or PASS designates respectively if an event which matches with the rule will be deleted or processed by Canopsis.
  • The rule parses event field values.

Filter definition

Menu

Definition of such filters is possible through the view filter accessible from the filter rules menu.

View

The view filter permits to add/edit/duplicate/delete and define a default action for events which match with none filters.

Wizard

In filter editing mode (by pushing the add button or in double clicking on a filter) a wizard with two tabs permits to define a filter properties.

Options

The tab "options" defines name, priority and action of a filter.

Rules

The tab "rule" defines how an event is chosen by the filter in edition.

Add a custom footer
Add a custom sidebar
Clone this wiki locally