Rule Chaining
Chaining with Parameterized User-Defined Rules
FortiDB Version 3.2 Utilities User Guide
15-32000-81369-20081219
15
Policy Settings for Suspicious Login Time
2
Create a UBM Session Policy, our Source rule, in order to monitor BAD_GUY and
generate an alert to trigger our Target rule, a PUDR. We will pass the Session ID
from the Source to the Target rule.
3
Create a Target PUDR, in the UBM module, which will contain the following kill-
session code. That code, in turn, will accept our passed Session ID parameter
(shown in red):