How do I configure an Event Processing Rule to alert me when an event contains a specific string of text?
Security Manager 3.X
Security Manager 4.X
Security Manager 5.X
Event Processing Rules that are configured to search for a string of text in an event are not generating alerts, even though the string is specified in the rule criteria.
Security Manager is case-sensitive when parsing for text strings.
In order for Security Manager to correctly match a string of text in the body of an event, the rule criteria must contain the string EXACTLY as it appears in the event, including case.
For example, if the alert should be generated when it encounters the text 'ABCD' in an event, the alert criteria must specify 'ABCD' as the text string to match. The alert will NOT be generated if the text 'abcd' is specified in the rule criteria.