Analyze Event Pattern arranges the data to eliminate duplicate patterns.
For example, in an outgoing (client mode) event, the local port number is allocated randomly by the system and carries little meaning. It is better to ignore it so that events which actually differ stand out. The command performs its analysis based on such judgments.
[TCP/UDP]
Outgoing
Time : the last event
Remote IP : the last event
Remote Port : fixed
Local IP : the last event
Local Port : the last event
Occurrences : count of occurrences in each event
Application Name : fixed
Rule name : fixed
Begin Time : the first event
End Time : the last event
Incoming
Time : the last event
Remote IP : the last event
Remote Port : the last event
Local IP : the last event
Local Port : fixed
Occurrences : count of occurrences in each event
Application Name : fixed
Rule name : fixed
Begin Time : the first event
End Time : the last event
Note : There are exceptions, such as TCP incoming with remote port 20 ( FTP ).
[ICMP]
Time : the last event
Remote IP : the last event
Remote Port ( Code ) : fixed
Local IP : the last event
Local Port ( Type ) : fixed
Occurrences : count of occurrences in each event
Application Name : fixed
Rule name : fixed
Begin Time : the first event
End Time : the last event
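
The grouping rules above, written out as an added Python example; it is not the product's own code. The dictionary field names, the choice to keep the protocol in the grouping key, and the sample events are assumptions, and the FTP exception from the note is not modeled.

```python
def pattern_key(ev):
    """Return the tuple of fields the lists above mark as 'fixed'."""
    key = [ev["proto"], ev["app"], ev["rule"]]  # assumption: protocol is part of the key
    if ev["proto"] == "ICMP":
        key += [ev["remote_port"], ev["local_port"]]  # ICMP code and type
    elif ev["direction"] == "out":
        key += ["out", ev["remote_port"]]  # random local port is ignored
    else:
        key += ["in", ev["local_port"]]    # random remote port is ignored
    return tuple(key)

def analyze_event_pattern(events):
    """Collapse events into patterns; non-fixed fields keep the last event's values."""
    patterns = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        p = patterns.setdefault(pattern_key(ev),
                                {"occurrences": 0, "begin_time": ev["time"]})
        p.update(ev)            # time, IPs and the ignored port: last event wins
        p["occurrences"] += 1
        p["end_time"] = ev["time"]
    return list(patterns.values())

def event(time, proto, direction, rip, rport, lip, lport, app, rule):
    return dict(time=time, proto=proto, direction=direction, remote_ip=rip,
                remote_port=rport, local_ip=lip, local_port=lport, app=app, rule=rule)

SAMPLE_EVENTS = [  # constructed sample data using documentation address ranges
    event("10:00:01", "TCP", "out", "198.51.100.7", 443, "192.0.2.10", 49152, "browser.exe", "Allow Web"),
    event("10:00:05", "TCP", "out", "198.51.100.8", 443, "192.0.2.10", 49153, "browser.exe", "Allow Web"),
    event("10:00:09", "TCP", "out", "203.0.113.5", 443, "192.0.2.10", 49160, "browser.exe", "Allow Web"),
    event("10:00:12", "TCP", "out", "203.0.113.5", 80, "192.0.2.10", 49161, "browser.exe", "Allow Web"),
    event("10:01:00", "TCP", "in", "203.0.113.50", 51000, "192.0.2.10", 3389, "System", "Block RDP"),
    event("10:01:02", "TCP", "in", "203.0.113.50", 51001, "192.0.2.10", 3389, "System", "Block RDP"),
    event("10:02:00", "ICMP", "in", "203.0.113.9", 0, "192.0.2.10", 8, "System", "Block Ping"),
    event("10:02:30", "ICMP", "in", "203.0.113.10", 0, "192.0.2.10", 8, "System", "Block Ping"),
]

if __name__ == "__main__":
    for p in analyze_event_pattern(SAMPLE_EVENTS):
        print(p["occurrences"], p["proto"], p["direction"], p["remote_ip"],
              p["remote_port"], p["local_port"], p["begin_time"], p["end_time"])
```

Eight raw events reduce to four patterns: the three HTTPS connections from different local ports collapse into one row, while the port 80 connection stays separate because the remote port is a fixed field for outgoing traffic.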