The correlation rules

A correlation rule is used to alert the admin when an event, or a series of events, occur in a specified time range.
In order to create a new simple rule you have to:

Requirements:

• A mail server must be configured. Look this section to see how to configure a mail server.
• Pattern must belong to specific class.

Using the SGBox web interface: SGBOX > LCE > Rules

Clink on New Rule

On the left section,tab Ranges, find the interested time range and drag it in correct section on the right.

The same for Events tab.

The next step is configure the Action. Search it on Actions tab and drag it on the correct section. We choose Send Email.
It’s important also define a Timeout. Timeout is the maximum time ( in seconds ) between of the first and the last occurrence of the event. If there are only one event we can set timeout to “1”.

Click on Save to finish the wizard.
Give a name, description, and click on Active flag to enable it.