The Match context allows you to use Filters to filter event data produced by specific Situations.
For more details about the product and how to configure features, click Help or press F1.
Steps
-
Browse to the Situations you want to count in the left pane of the dialog box and drag and drop them into the
Correlated Situations field.
CAUTION:
In custom Correlation Situations, logging might be automatically enabled for the correlated Situations even if the correlated Situations do not normally have logging enabled. If the Situations produce a large amount of log data and correlation is done on the Log Server, the increased amount of log data might overload the network or the Log Server even if no correlation matches occur.
-
Click
Edit and define a local filter.
-
(Optional) Select the Usage Context to define where correlation is done.
Note: If you select a Usage Context that does not include the Log Server, events only match if they are all detected by the same NGFW Engine or NGFW Engine Cluster.