Event Selection Overview
Event Selection controls the flow of information to Advanced Analytics and enables you to selectively determine which events are passed to Advanced Analytics by leveraging Common Information Model (CIM 2.0) parsed fields. No data will flow to Advanced Analytics unless it has been configured in Event Selection.
With Event Selection, you can view, add, change, delete, and save event selection logic to deliver events by matching and comparing operations of parsed Common Information Model (CIM 2.0) fields, to ensure only necessary events are passed to Advanced Analytics. You can search for, edit, and save a list of filter rules and then put those filters into effect.
Event Selection includes a list of default selection logic statements used to pass all activity types that Advanced Analytics can leverage. You can view and choose from this list what events will become active, to save deployment time and ensure all events used by Advanced Analytics are considered. When Exabeam updates the default selection logic, you will be notified, so you can review and decide if you need to make them active.
You are able to view a history of changes made to the selection logic including who made the changes, and what changes were made, to provide a security audit trail of activity.
Event Selection is used after parsing is completed and should be configured after parsing changes are completed.