Channel: Brain Book

HOW TO CREATE IBM QRADAR SIEM RULE AND RULE GROUP


How to create a SIEM rule group

1. Go to the Offenses tab --> Rules in the left pane --> Groups at the top of the right pane.

2. This opens the following wizard. Click New Group at the top.


3. Add a group name and description, then click OK.



How to create a SIEM rule

This SIEM rule identifies log sources that have not sent an event for a specific time.

1. Open the Offenses tab --> Rules in the left pane --> Display --> Rules.


2. Click Actions --> New Event Rule, or whichever rule type you want to create.


3. This opens a wizard. Click Next.


4. Choose Events, Flows, Events and Flows, or Offenses, depending on what you want the rule to test. I selected Events and clicked Next.


5. Select the test group that suits your requirements. I selected Log Source Tests and added the last option by clicking the + sign at its left.


6. Add the log sources you want to test and enter the time to test in seconds. Select the group in which you want to place this rule and click Next.


7. Select the action to be performed by this rule. I selected Email to send an email when this rule fires.


8. Click Finish to complete the rule.


This creates a rule that checks whether the selected log sources have not sent an event for the specified amount of time.
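
The check this rule performs, written out as an added Python example (not QRadar's own code and not from the original post) so the logic can be reviewed or run against an exported log source inventory. The record fields `name`, `enabled` and `last_event_time` (epoch milliseconds) and all sample values are assumptions constructed for illustration.

```python
# Added example: field names and sample values are assumptions, not QRadar output.
SAMPLE_LOG_SOURCES = [  # constructed records; last_event_time is epoch milliseconds
    {"name": "fw-edge-01", "enabled": True, "last_event_time": 1_700_000_000_000},
    {"name": "dc-winlog-02", "enabled": True, "last_event_time": 1_699_990_000_000},
    {"name": "proxy-old", "enabled": False, "last_event_time": 1_690_000_000_000},
    {"name": "ids-never-seen", "enabled": True, "last_event_time": 0},
]


def silent_log_sources(log_sources, watched, threshold_seconds, now_ms):
    """Return [(name, seconds_silent)] for watched, enabled sources that have
    sent nothing for at least threshold_seconds. seconds_silent is None when
    the source has never reported an event."""
    findings = []
    for src in log_sources:
        if src["name"] not in watched:
            continue  # only the log sources selected for the test
        if not src.get("enabled", False):
            continue  # a disabled source is expected to be quiet
        last_ms = src.get("last_event_time") or 0
        if last_ms <= 0:
            findings.append((src["name"], None))
            continue
        silent_for = max(0, (now_ms - last_ms) // 1000)  # guard against clock skew
        if silent_for >= threshold_seconds:
            findings.append((src["name"], silent_for))
    # Never-seen sources first, then longest silence first.
    findings.sort(key=lambda f: (f[1] is not None, -(f[1] or 0)))
    return findings


def email_body(findings, threshold_seconds):
    """Build a plain-text notification listing the silent sources."""
    if not findings:
        return ""
    lines = [f"Log sources silent for {threshold_seconds}s or more:"]
    for name, secs in findings:
        detail = "no event ever received" if secs is None else f"{secs}s since last event"
        lines.append(f"- {name}: {detail}")
    return "\n".join(lines)


if __name__ == "__main__":
    now = 1_700_000_600_000  # constructed "current time", 600 s after fw-edge-01's last event
    watched = {s["name"] for s in SAMPLE_LOG_SOURCES}
    print(email_body(silent_log_sources(SAMPLE_LOG_SOURCES, watched, 3600, now), 3600))
```

A source that is enabled but has never reported is listed separately from one that went quiet, since the first usually points to an onboarding problem and the second to an outage or to logging being turned off.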

SIEM use case: log sources not sending events for a specific time.
