Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

CRE

 

The custom rule event (CRE) category contains events that are generated from a custom offense, flow, or eventan event rule.

The following table describes the low-level event categories and associated severity levels for the CRE category.

Table 1: Low-level Categories and Severity Levels for the CRE Category

Low-level event category

Category ID

Description

Severity level (0 - 10)

Unknown CRE Event

12001

Indicates an unknown custom rules engine event.

5

Single Event Rule Match

12002

Indicates a single event rule match.

5

Event Sequence Rule Match

12003

Indicates an event sequence rule match.

5

Cross-Offense Event Sequence Rule Match

12004

Indicates a cross-offense event sequence rule match.

5

Offense Rule Match

12005

Indicates an offense rule match.

5

Related Documentation