Generic Events and Data sources (properties)

This feature only works if you have the XProtect event server installed.

Generic event (properties)

Component	Requirement
Name	Unique name for the generic event. Name must be unique among all types of events, such as user defined events, analytics events, and so on.
Enabled	Generic events are by default enabled. Clear the check box to disable the event.
Expression	Expression that the system should look out for when analyzing data packages. You can use the following operators: `( )`: Used to ensure that related terms are processed together as a logical unit. They can be used to force a certain processing order in the analysis Example: The search criteria `(User001 OR Door053) AND Sunday` first processes the two terms inside the parenthesis, then combines the result with the last part of the string. So, the system first looks for any packages containing either of the terms `User001` or `Door053`, then takes the results and run through them in order to see which packages also contain the term `Sunday`. `AND`: With an `AND` operator, you specify that the terms on both sides of the `AND` operator must be present Example: The search criteria `User001 AND Door053 AND Sunday` returns a result only if the terms `User001`, `Door053` and `Sunday` are all included in your expression. It is not enough for only one or two of the terms to be present. The more terms you combine with AND, the fewer results you retrieve. `OR`: With an `OR` operator, you specify that either one or another term must be present Example: The search criteria `"User001" OR "Door053" OR "Sunday"` returns any results containing either `User001`, `Door053` or `Sunday`. The more terms you combine with `OR`, the more results you retrieve.
Expression type	Indicates how particular the system should be when analyzing received data packages. The options are the following: Search: In order for the event to occur, the received data package must contain the text specified in the Expression field, but may also have more content Example: If you have specified that the received package should contain the terms `User001` and `Door053`, the event is triggered if the received package contains the terms `User001` and `Door053` and `Sunday` since your two required terms are contained in the received package Match: In order for the event to occur, the received data package must contain exactly the text specified in the Expression field, and nothing else Regular expression: In order for the event to occur, the text specified in the Expression field must identify specific patterns in the received data packages If you switch from Search or Match to Regular expression, the text in the Expression field is automatically translated to a regular expression.
Priority	The priority must be specified as a number between 0 (highest priority) and 999999 (lowest priority). The same data package may be analyzed for different events. The ability to assign a priority to each event lets you manage which event should be triggered if a received package matches the criteria for several events. When the system receives a TCP and/or UDP package, analysis of the packet starts with analysis for the event with the highest priority. This way, when a package matches the criteria for several events, only the event with the highest priority is triggered. If a package matches the criteria for several events with an identical priority, for example two events with a priority of 999, all events with this priority is triggered.
Check if expression matches event string	An event string to be tested against the expression entered in the Expression field.