Kaspersky Unified Monitoring and Analysis Platform

Segmentation rules

April 8, 2024

ID 222426

In KUMA, you can configure alert segmentation rules, that is, rules that divide similar correlation events among different alerts instead of collecting them in one.

By default, if a correlation rule is triggered several times in the correlator, all correlation events created by that rule are attached to the same alert. Alert segmentation rules let you define the conditions under which separate alerts are created from correlation events of the same type. This is useful, for example, to split the stream of correlation events into alerts of a limited size, or to collect events that share an important distinguishing feature (such as the same target host) into an alert of their own.

Alert segmentation is configured in two stages:

  1. Segmentation rules are created. They define the conditions for dividing the stream of correlation events.
  2. Segmentation rules are linked to the correlation rules within which they must be triggered.
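The following model shows the effect of the two stages above on a stream of correlation events. It is an added illustration, not KUMA's own code or API: the class names, the two segmentation kinds modelled here (splitting by the value of a field, and capping the number of events per alert), the field names and the sample events are all assumptions chosen to make the behaviour visible. A correlation rule with no linked segmentation rule keeps the default behaviour, one alert for all of its events.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed model of alert segmentation. The class names, the two
# segmentation kinds ("by_field", "by_limit") and the field names are
# assumptions for illustration, not KUMA's own data structures or API.


@dataclass
class CorrelationEvent:
    rule_name: str           # correlation rule that produced this event
    fields: Dict[str, str]   # normalized fields carried by the correlation event


@dataclass
class SegmentationRule:
    name: str
    kind: str                          # "by_field" or "by_limit"
    key_fields: Tuple[str, ...] = ()   # by_field: different values -> different alerts
    max_events: int = 0                # by_limit: open a new alert once this many are attached


@dataclass
class CorrelationRule:
    name: str
    segmentation: Optional[SegmentationRule] = None   # stage 2: the linked segmentation rule


@dataclass
class Alert:
    rule_name: str
    segment: Tuple   # distinguishing (field, value) pairs; empty for count-based or unsegmented alerts
    events: List[CorrelationEvent] = field(default_factory=list)


def build_alerts(events: List[CorrelationEvent], rules: List[CorrelationRule]) -> List[Alert]:
    """Attach correlation events to alerts in arrival order, applying the
    segmentation rule linked to each correlation rule (if any)."""
    by_name = {r.name: r for r in rules}
    open_alerts: Dict[Tuple, Alert] = {}   # segment key -> alert still accepting events
    alerts: List[Alert] = []

    for ev in events:
        seg = by_name[ev.rule_name].segmentation
        if seg is None or seg.kind == "by_limit":
            key: Tuple = (ev.rule_name,)   # one stream per correlation rule
        elif seg.kind == "by_field":
            key = (ev.rule_name,) + tuple((f, ev.fields.get(f)) for f in seg.key_fields)
        else:
            raise ValueError(f"unknown segmentation kind {seg.kind!r}")

        alert = open_alerts.get(key)
        limit_reached = (
            alert is not None and seg is not None and seg.kind == "by_limit"
            and len(alert.events) >= seg.max_events
        )
        if alert is None or limit_reached:
            alert = Alert(rule_name=ev.rule_name, segment=key[1:])
            alerts.append(alert)
            open_alerts[key] = alert
        alert.events.append(ev)
    return alerts


def summarize(alerts: List[Alert]) -> List[Tuple[str, Tuple, int]]:
    return [(a.rule_name, a.segment, len(a.events)) for a in alerts]


def demo() -> List[Tuple[str, Tuple, int]]:
    # Constructed sample: three correlation rules triggering repeatedly.
    by_host = SegmentationRule("Split by host", "by_field", key_fields=("DestinationHostName",))
    every_3 = SegmentationRule("Max 3 per alert", "by_limit", max_events=3)
    rules = [
        CorrelationRule("Brute force", segmentation=by_host),
        CorrelationRule("Port scan", segmentation=every_3),
        CorrelationRule("Failed logon"),   # no segmentation rule linked: default behaviour
    ]
    events = (
        [CorrelationEvent("Brute force", {"DestinationHostName": h})
         for h in ("srv-01", "srv-02", "srv-01", "srv-01", "srv-02")]
        + [CorrelationEvent("Port scan", {"SourceAddress": "10.0.0.5"}) for _ in range(7)]
        + [CorrelationEvent("Failed logon", {"SourceUserName": "svc_backup"}) for _ in range(4)]
    )
    return summarize(build_alerts(events, rules))


if __name__ == "__main__":
    for rule, segment, n in demo():
        print(f"{rule}: {n} event(s)" + (f" for {dict(segment)}" if segment else ""))
```

Running the model produces two "Brute force" alerts (one per destination host, with 3 and 2 events), three "Port scan" alerts (3, 3 and 1 events, because the cap reopens a new alert once three events are attached) and a single "Failed logon" alert holding all four events, which is the default grouping a rule gets when no segmentation rule is linked to it.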

In this section

Segmentation rule settings

Linking segmentation rules to correlation rules
