Description—Specifies the match conditions for which the firewall or Panorama will analyze logs. It describes the sequence of conditions that are matched on to identify acceleration or escalation of malicious activity or suspicious host behavior. For example, the Compromise Lifecycle object detects a host involved in a complete attack lifecycle in a three-step escalation that starts with scanning or probing activity, progressing to exploitation, and concluding with network contact to a known malicious domain.
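
The three-step escalation described above can be sketched as an ordered, per-host sequence match over log events. This is an added example, not the firewall's or Panorama's own correlation logic; the category labels, the 24-hour window, and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Ordered stages taken from the description; the category labels are hypothetical.
STAGES = ("scan", "exploit", "malicious-domain")
WINDOW = timedelta(hours=24)  # assumption: the page states no time window

# Constructed sample events: (timestamp, source host, category)
SAMPLE_LOGS = [
    ("2024-01-01T10:00:00", "10.0.0.5", "scan"),
    ("2024-01-01T10:02:00", "10.0.0.7", "exploit"),           # no prior scan
    ("2024-01-01T10:05:00", "10.0.0.5", "exploit"),
    ("2024-01-01T10:06:00", "10.0.0.7", "malicious-domain"),
    ("2024-01-01T10:09:00", "10.0.0.5", "malicious-domain"),  # chain complete
    ("2024-01-01T11:00:00", "10.0.0.9", "scan"),
    ("2024-01-03T11:00:00", "10.0.0.9", "exploit"),           # 48 h after the scan
    ("2024-01-03T11:05:00", "10.0.0.9", "malicious-domain"),
]

def correlate(logs, stages=STAGES, window=WINDOW):
    """Return {host: [timestamp of each stage]} for hosts that matched every
    stage in order, all within `window` of the first matched stage."""
    progress = {}  # host -> timestamps of the stages matched so far
    matches = {}
    for ts_text, host, category in sorted(logs):
        if host in matches:
            continue  # already reported; ignore further events for this host
        ts = datetime.fromisoformat(ts_text)
        seen = progress.setdefault(host, [])
        # Discard a partial chain whose first stage has aged out of the window.
        if seen and ts - seen[0] > window:
            seen.clear()
        # Advance only when the event is the next expected stage.
        if category == stages[len(seen)]:
            seen.append(ts)
            if len(seen) == len(stages):
                matches[host] = list(seen)
    return matches

if __name__ == "__main__":
    for host, times in correlate(SAMPLE_LOGS).items():
        print(host, [t.isoformat() for t in times])
```

Events that arrive out of order (host 10.0.0.7) or too far apart (host 10.0.0.9) do not produce a match, which is what separates an escalation sequence from three unrelated alerts on the same host.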