Defining Event Scoring Rule

Step 2: Create rules for Event Scoring

Complete the steps in Defining Correlation Scoring

To define an event scoring, follow these steps:

1. Hover on the Event Scoring widget and click Edit . The Ruleset Details window is displayed for the Event Scoring widget.
2. Provide the details as described in the following table.

   Table 6-6 Fields to Define Event Scoring Pipeline

   Field	Description
   Ruleset Name	Enter the name for the event scoring rule.
   Ruleset Description	Enter the description for the event scoring rule.
   Scoring Aggregation Type	Select the scoring aggregation type from the Scoring Aggregation Type drop-down list. There are three Score Aggregation Types: SUM: This option calculates the sum of the scores among the associated rules and assigns it as the final score. MIN: This option calculates the minimum score among the associated rules and assigns it as the score. MAX: This option calculates the maximum score among the associated rules and assigns it as the score.
   Rules	Define the conditions using the Rules section for scoring. For more information, see the Adding a Rule section.

3. To add a rule, click Add on the left (Rules pane) and specify conditions for the rule. You can add multiple rules and multiple conditions under each rule. For more information, see the Adding a Rule section.
4. Click Save to save the changes.
5. Add more rules as needed to define all the rules for Correlation Scoring.
   You can perform certain tasks that are common in all the widgets, such as edit, delete, filter, and so on. For more information, see the Common Tasks section.