One message text :
- Exception:Authentication failed. Please try again: reason: SEC0005E
Logic : I am capturing SEC0005e
Second Message text :
Message Text : - Login:abhishek
Logic : I am capturing Login ID .
Requirement: Now I want these two message texts to come in one alert as a single mail.
I have tried to configure a correlation rule with two circuits that have the above two logics, using the OR, AND and Followed by logic gates, but either
I am getting two separate alerts or I am getting only one message text in one alert.
Please suggest.
I used to deal with this kind of alert with just one circuit of two statements: the first statement evaluates the first condition, the second statement evaluates the second condition.
There you can use the operators AND or OR as you need (inclusive or exclusive).
Pay attention to the field: Within seconds (). That is how many seconds you will wait for the second event to fire the alert.
You receive two emails because you have defined two single alerts, one for each event. To try this correlated alert you must deactivate the other two alerts (I recommend you test before deactivating them; during the test phase you will get 3 alerts).
Hope this helps you.
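The behaviour described in the reply (two conditions joined by AND inside one time window, producing a single alert that carries both values) can be sketched outside the product as follows. This is an added example, not from the thread or from the correlation engine itself; the function names, the event tuple format and the sample timestamps are assumptions constructed for illustration.

```python
import re
from collections import deque

# The two conditions from the question, one per "statement".
FAILURE = re.compile(r"reason:\s*(SEC0005E)", re.IGNORECASE)
LOGIN = re.compile(r"Login:\s*(\S+)")

def classify(text):
    """Return (kind, captured value) for a message, or (None, None)."""
    m = FAILURE.search(text)
    if m:
        return "failure", m.group(1).upper()
    m = LOGIN.search(text)
    if m:
        return "login", m.group(1)
    return None, None

def correlate(events, within_seconds):
    """events: (epoch_seconds, message_text) tuples sorted by time.
    Emits ONE alert per failure/login pair seen within the window."""
    pending = {"failure": deque(), "login": deque()}
    alerts = []
    for ts, text in events:
        kind, value = classify(text)
        if kind is None:
            continue
        other = "login" if kind == "failure" else "failure"
        queue = pending[other]
        # Discard candidates that are older than the window.
        while queue and ts - queue[0][0] > within_seconds:
            queue.popleft()
        if queue:
            _, other_value = queue.popleft()
            pair = {kind: value, other: other_value}
            alerts.append({"time": ts, "login": pair["login"],
                           "reason": pair["failure"]})
        else:
            pending[kind].append((ts, value))  # wait for the partner event
    return alerts

# Constructed sample events (timestamps are invented for the example).
SAMPLE = [
    (100, "Exception:Authentication failed. Please try again: reason: SEC0005E"),
    (102, "Message Text : - Login:abhishek"),
    (300, "Message Text : - Login:carol"),
    (400, "Exception:Authentication failed. Please try again: reason: SEC0005E"),
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE, within_seconds=10):
        print("ALERT login=%(login)s reason=%(reason)s t=%(time)s" % alert)
```

With a 10-second window only the first pair produces an alert; the events at 300 and 400 are too far apart and stay uncorrelated.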