EPL documentation - for creating custom rules
FAQ
The EPL in ZoneFox uses NEsper; the documentation can be accessed here, and chapter 5 covers the EPL.
Some of the rules provided with ZoneFox use EPL, and these can be reviewed as code examples, e.g. the User login out of hours rule:
select * from pattern [
  every ae1=ActivityEvent (
    NOT User.StartsWith('window manager__dwm', StringComparison.InvariantCultureIgnoreCase),
    NOT User.StartsWith('nt authority', StringComparison.InvariantCultureIgnoreCase),
    Activity = 'user logged on',
    OccurredOn.getDayOfWeek() = DayOfWeek.Saturday
      OR OccurredOn.getDayOfWeek() = DayOfWeek.Sunday
      OR OccurredOn.getHourOfDay() >= 22
      OR OccurredOn.getHourOfDay() <= 6
  )
]
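To check which logons the filter above would flag before adapting it into a custom rule, the same conditions can be replayed offline. This Python sketch is an added example, not ZoneFox or NEsper code: the function names and sample events are constructed, and it assumes that `lower()` is an adequate stand-in for the rule's case-insensitive `StartsWith` and that `Activity =` is an exact, case-sensitive match.

```python
from datetime import datetime

# Account prefixes the rule excludes, copied from the EPL filter above.
EXCLUDED_PREFIXES = ("window manager__dwm", "nt authority")


def is_out_of_hours_logon(user, activity, occurred_on):
    """Mirror the rule's filter: every comma-separated criterion must hold."""
    name = user.lower()  # assumption: approximates InvariantCultureIgnoreCase
    if any(name.startswith(prefix) for prefix in EXCLUDED_PREFIXES):
        return False
    if activity != "user logged on":
        return False
    # datetime.weekday(): Monday=0 ... Saturday=5, Sunday=6
    weekend = occurred_on.weekday() >= 5
    late_or_early = occurred_on.hour >= 22 or occurred_on.hour <= 6
    return weekend or late_or_early


def matching_events(events):
    """Return the events the rule would flag, in input order."""
    return [e for e in events if is_out_of_hours_logon(*e)]


# Constructed sample events: (User, Activity, OccurredOn).
# 2024-03-05 is a Tuesday; 2024-03-09 and 2024-03-10 are a weekend.
SAMPLE_EVENTS = [
    ("CORP\\alice", "user logged on", datetime(2024, 3, 5, 14, 30)),
    ("CORP\\alice", "user logged on", datetime(2024, 3, 5, 6, 59)),
    ("CORP\\alice", "user logged on", datetime(2024, 3, 5, 7, 0)),
    ("CORP\\bob", "user logged on", datetime(2024, 3, 5, 22, 0)),
    ("CORP\\bob", "user logged on", datetime(2024, 3, 9, 12, 0)),
    ("NT AUTHORITY\\SYSTEM", "user logged on", datetime(2024, 3, 9, 3, 0)),
    ("CORP\\bob", "user logged off", datetime(2024, 3, 10, 23, 0)),
]

if __name__ == "__main__":
    for user, activity, when in matching_events(SAMPLE_EVENTS):
        print(f"ALERT {when:%a %Y-%m-%d %H:%M} {user}: {activity}")
```

Because the last condition compares whole hours, a logon at 06:59 is still flagged and the quiet window only ends at 07:00.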
Copyright 2024 Fortinet, Inc. All Rights Reserved.