Global Variables

Variables derive values from existing data fields that you can create locally in your resource to make monitoring and correlation more specific to particular scenarios.

In addition to these local variables, ESM provides a global variable resource to define a variable once, then re-use it in multiple places:

Where you define conditions (active channels, rules, filters, data monitors, and queries)
Where you select fields (CCE and field sets)

Because global variables are centralized and reusable, they are building blocks for advanced correlation scenarios.

Global variables are selectable in the Common Conditions Editor (CCE) as additional fields on the Filters or Conditions tabs, as Group By arguments for data monitors and queries, and in rule conditions and actions. You can add variables to field sets in the Field Set Editor to extend the event and resource schema with values derived from other data fields.

You can promote resource-specific local variables to global variables.

Micro Focus Security Community
All Documentation
Support
Education
Send Us Feedback

Close

We welcome your comments!

You can either:

Open an email window.

Or copy the information below to an email client and send the email to Documentation-Feedback@microfocus.com.

Help Topic ID:

Product:

Topic Title:

Feedback: