How groups are added to filters and rules in the SEM Events Console
This section demonstrates how groups are used in filters and rules.
The following image shows the filter builder in the SEM Events Console. In the left drag panel, groups are organized by group type. On the right side, the filter builder shows that the Service Audit Alerts event group is included as a condition of the filter.
The next image shows a rule definition in the SEM Events Console. Again, groups are organized by group-type on the left side. On the right side, the rule definition builder shows two different groups in the rule conditions: the Network Audit Alerts event group, and the Approved DNS Servers user-defined group. Four child fields are specified in the Network Audit Alerts event group: SourcePort, DestinationPort, SourceMachine, and DestinationMachine.