Skip to Content
Information
Limited support BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see BMC AMI Command Center for Security 6.2.

Simple keyword matches

Correlation match expressions are text strings. Each of these text strings specifies a set of received messages that share a common characteristic. Match expressions range from extremely simple matches of keywords to highly involved and lengthy match specifications composed of many different sub-expressions.

The most common type of correlation match expression is a simple keyword that performs a partial or full-keyword match. The keyword cannot contain any spaces. This type of expression is also one of the most useful.

Information
Example

You can enter the keyword alert to match one or more occurrences of alert, ALERT, alerting or alerter anywhere in the body of the received message.

Warning

Note

Keyword matches are case insensitive.

There is no capability (or need) for BMC Defender Server to match a particular letter case. This might initially appear to be somewhat of a limitation, but practice shows that enforcing a policy of case-insensitivity in all matches results in a very high degree of Cohesive Semantic Similarity in received messages.

Information
Example

An expression of the keyword alert should naturally match an occurrence of Alert in a message, in as much as the words have the exact same meaning apart from their letter-case.

 It becomes clear in practice that a match can always be further qualified by some mechanism other than the letter-case of a particular keyword in the message.

Related topic

Simple-match-expressions


 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC AMI Command Center for Security 6.1