CRE

The custom rule event (CRE) category contains events that are generated from a custom offense, flow, or event rule.

The following table describes the low-level event categories and associated severity levels for the CRE category.

Table 1. Low-level categories and severity levels for the CRE category
Low-level event category Category ID Description Severity level (0 - 10)
Unknown CRE Event 12001 Indicates an unknown custom rules engine event. 5
Single Event Rule Match 12002 Indicates a single event rule match. 5
Event Sequence Rule Match 12003 Indicates an event sequence rule match. 5
Cross-Offense Event Sequence Rule Match 12004 Indicates a cross-offense event sequence rule match. 5
Offense Rule Match 12005 Indicates an offense rule match. 5