12.3. Invisible (Backend)
12.3.1. Filter Templates
The Analysis Cockpit uses so-called filter templates that describe which fields in which event types are specific enough to be used in a filter that can be used to automatically group events.
These groups can be identified by a common so-called "Auto Case ID" (formerly Group ID). See the respective entry in this Glossary.
The filter templates are static and predefined.
E.g., a typical filter template states that for events in the Module
Filescan
, the fields FILE and SHA1 are sufficiently specific to group
events based on equal values in these two fields.