AttackTrace rule

A dynamic rule that looks for related events that match the source or target IP addresses that are associated with the incident. The incident is automatically updated and reprioritized when the AttackTrace rule finds additional events and information. AttackTrace rules update their search criteria as new events are added to the incident.