Article Content
Article Number | 000031569 |
Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: SA Security Analytics Server RSA Version/Condition: 10.5.x O/S Version: 6 |
Issue | When writing a query only the following operators are available
|
Tasks | To solve this issue create an app rule that will tag the meta that you are interested, For example, suppose you wanted to find all destination usernames that did not begin with foo. You can create an app rule on your logdecoder as follows
|
Resolution | In your report, use the following in your rule to display all usernames that do not begin with foo. select: user.dst where alert != '"Account Begins with Foo" |