This section explains how to add normalizing rules to an event source.
About normalizing rules
Normalizing rules are used for transforming events. After Kaspersky CyberTrace applies normalizing rules to an incoming event, the event is processed using regular expressions.
There are two types of normalizing rules:
Rules for replacing one character sequence with another.
Rules for ignoring events that contain a character sequence.
If both replacing rules and ignoring rules are set, replacing rules are applied first and ignoring rules are applied second.
In the specified regular expressions, the asterisk (*) and question mark (?) are not treated as wildcard characters.
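The following Python model of the processing order described above is an added example, not Kaspersky CyberTrace code. The rule values, the sample events and the url= regular expression are constructed, and literal matching of character sequences is an assumption. It shows that an ignoring rule is evaluated against the event text as it looks after the replacing rules have run.

```python
import re

# Constructed rules; names and values are illustrative assumptions.
REPLACE_RULES = [("\\/", "/"), ("hxxp://", "http://")]  # (find, replace_with)
IGNORE_RULES = ["http://intranet.example/"]  # drop events containing this sequence
URL_REGEX = re.compile(r"url=(\S+)")  # stands in for the event source's regular expression


def normalize(event, replace_rules=REPLACE_RULES, ignore_rules=IGNORE_RULES):
    """Apply replacing rules first, then ignoring rules. Return None if ignored."""
    for find, replace_with in replace_rules:
        # Literal substring replacement (assumption about how sequences match).
        event = event.replace(find, replace_with)
    for sequence in ignore_rules:
        if sequence in event:
            return None
    return event


def process(event):
    """Normalize the event, then extract the URL with the regular expression."""
    normalized = normalize(event)
    if normalized is None:
        return None
    match = URL_REGEX.search(normalized)
    return match.group(1) if match else None


# Constructed sample events.
EVENTS = [
    # Escaped slashes: the regular expression only sees a clean URL after replacement.
    "Jan 10 10:00:01 proxy url=http:\\/\\/bad.example\\/a.exe src=10.0.0.5",
    # Defanged scheme: the ignoring rule matches only after replacement.
    "Jan 10 10:00:02 proxy url=hxxp://intranet.example/health src=10.0.0.9",
    # No URL field: the event passes normalization, but nothing is extracted.
    "Jan 10 10:00:03 proxy action=allow src=10.0.0.7",
]

if __name__ == "__main__":
    for raw in EVENTS:
        print(repr(normalize(raw)), "->", repr(process(raw)))
```

An ignoring rule written against the raw event text (for example, one containing hxxp://) would never match in this model, because the replacing rules have already rewritten that sequence.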
Adding normalizing rules
To add a normalizing rule:
The window with the properties of the selected event source opens.