Adding Additional High Level Dataset Filter Conditions

In order to improve the accuracy of your detection results and reduce false positives, you can add additional filter conditions to detect only those behaviors which meet a combination of specific criteria.

To add additional filter conditions to a high level dataset, follow these steps:

1. Navigate to the scenario you want to further define in the Pipeline Designer by selecting Pipeline Administration, then Pipeline Designer, and selecting the scenario pipeline. The Pipeline Designer displays for the scenario.
2. Select Edit in the High Level Dataset widget . The Threshold Editor displays for this dataset.
3. Select Add Additional High Level Dataset for the filter that you wish to define further. The Additional Condition window opens for this threshold.
4. Click Add. Under Output, click Add again.
5. Select an item from the drop-down list to include in the filter conditions for this scenario. Modify the details as desired. The Output section displays the new condition.
   To add additional filter conditions, if desired, click Add and select another item from the drop-down list.
   Clicking Add under output from the same condition joins these conditions as an AND condition. Clicking Add from the right hand side of the Additional Condition window joins the conditions as an OR condition. The following image provides an example:

   Figure 5-1 Sample High Level Dataset Output

   
   You can continue to add and select filter conditions until you are satisfied with the granularity.
6. When you have finished adding all the filter conditions, click Save.