Pattern Discovery Lifecycle
The creation and use of Pattern Discovery consists of three phases:
- Create a profile (see Creating or Editing a Profile)
- Generate snapshots (see Taking a Snapshot)
- Investigate patterns (see Investigating Patterns)
Use these options to analyze and respond to the patterns you discover in snapshots.
| Option | Usage |
|---|---|
| Create Rule | Use the Rules Editor to create a rule from a detected pattern of events or a selected event-level in the pattern hierarchy. |
| Show Related Events | Open a new channel filtered with a matchesPattern operator that
uses the whole pattern, or event-levels, as its argument. |
| Show Event Graph | Graph the complete pattern or a selected event-level in the pattern hierarchy, to analyze using the ArcSight Console's visualization tools. |
| Inspect Pattern | The Pattern Inspector shows details, and you can click the Actions button to apply the options described in this table. |
| Investigate | You can create an active channel, or add a filter to the editor, using (or not using) the name of the selected event item in the pattern. |
| Tools | Choose one of the network tools ArcSight provides to explore the origin of the selected event item. |
| Annotate Pattern | You can mark the pattern with a workflow collaboration Stage and Assign it to a user for filtering by Stages and Users resources. |