Using the Create Event Widget

This widget accepts inputs from evaluation and generates events based on evaluated output data from the evaluation widget

In Scenario Pipelines, the Create Event widget is the final part of the pipeline and is used to produce an event. An event is a record of one or more pattern matches in a detection run, which is a signal for further investigation.

The Create Event widget can only be attached to an Evaluation widget. Multiple Evaluation widgets can be connected to one Create Event widget.

To create an event, follow these steps:

1. In the Pipeline Designer page, select the pipeline where you want to add or modify the Create Event widget. The Pipeline Canvas displays.
2. To add Create Event to an Evaluation, click Add To , and then select Create Event. Alternately, you can right-click on the Canvas to display the list of widgets, select Create Event and associate the Create Event widget with the Evaluation.
3. Click Options then click Edit. The Create Event pane displays.
4. Under Basic Configuration, select the Event Type from the drop-down list.
   You can add additional Event Types, using the steps in Creating Event Types.
5. The Highlights tab displays any Highlights associated with this pipeline.
   Highlights include the most salient facts associated with a match or alert, and are intended to aid with the understanding and possible disposition of an event. This tab includes the following details:
   • Highlight Name
   • New Highlight Name
   • Column
   You can add a new highlight by clicking Add, and following these steps:
   1. Select the Attribute from the drop-down list.
   2. Enter a Name for this highlight.
   3. Click Save.
6. When you have finished configuring the Create Event widget, click Save.