SIEM Correlation Rule Logic Generator
Define Required Correlated Events (A AND B AND C...)
All defined events must occur within the specified time window, grouped by the aggregate field (e.g., source_ip).
Current Event Conditions
| ID | Event Name | Field/Value | Min Count | Actions |
|---|---|---|---|---|
Generated Correlation Rule Logic
Click "Generate Rule Logic" to preview the final rule definition.
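The "A AND B AND C within a time window, grouped by the aggregate field" semantics described above can be evaluated as a sliding window per group. This is an added example, not output of the generator or code from this page. The condition layout (`field`, `value`, `min_count`), the equality match, the event field names and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed rule: field names and values are assumptions for illustration.
CONDITIONS = [
    {"name": "Failed login", "field": "event_type", "value": "auth_failure", "min_count": 3},
    {"name": "Successful login", "field": "event_type", "value": "auth_success", "min_count": 1},
]

# Constructed sample events (ts in seconds), not taken from any real log.
SAMPLE_EVENTS = [{"ts": t, "source_ip": ip, "event_type": e} for t, ip, e in [
    (0, "10.0.0.5", "auth_failure"), (10, "10.0.0.5", "auth_failure"),
    (20, "10.0.0.5", "auth_failure"), (30, "10.0.0.5", "auth_success"),
    (0, "10.0.0.9", "auth_failure"), (10, "10.0.0.9", "auth_failure"),
    (200, "10.0.0.9", "auth_failure"), (210, "10.0.0.9", "auth_success"),
    (5, "10.0.0.7", "auth_success"),
]]

def correlate(events, conditions, window_s, group_by="source_ip"):
    """Return {group_value: (first_ts, last_ts)} for the first window in which
    every condition reached its min_count (order of events does not matter)."""
    by_group = defaultdict(list)
    for ev in events:
        if group_by in ev:               # events lacking the aggregate field are skipped
            by_group[ev[group_by]].append(ev)

    hits = {}
    for key, evs in by_group.items():
        evs.sort(key=lambda e: e["ts"])
        window = deque()                 # (ts, indices of conditions the event matched)
        counts = [0] * len(conditions)
        for ev in evs:
            matched = [i for i, c in enumerate(conditions)
                       if ev.get(c["field"]) == c["value"]]
            if not matched:
                continue
            window.append((ev["ts"], matched))
            for i in matched:
                counts[i] += 1
            # Expire matches that fell out of the time window.
            while ev["ts"] - window[0][0] > window_s:
                _, old = window.popleft()
                for i in old:
                    counts[i] -= 1
            if all(n >= c["min_count"] for n, c in zip(counts, conditions)):
                hits[key] = (window[0][0], ev["ts"])
                break
    return hits
```

With a 60-second window only `10.0.0.5` fires; `10.0.0.9` has the same event mix but spread over 210 seconds, so it matches only when the window is widened.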
