This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2010-04-12 07:12 AM

Correlation rules

Hi people,

 

today I have created a rule stating that if any new devices onboard or deleted from the existing list To get alerted on that. I was confused to select which event category I need to select. (I selected the system crypto. But that didn't work. I deleted a device and added the same device still my rules is not working. When I din that it asked me to restart INC alert and collector alert service I did that but still no luck could anyone please help me to sort out this

 

thanks in advance for help

regards

shri

0 Likes
Reply
1 Reply
RSAAdmin
Beginner
Beginner
‎2010-04-13 02:29 PM

Hi

 

Are you looking for any new devices that show up.

NIC024 does that.  You can use that in a View, and set up you output.

I don't know about ones that disapear, however, you can use the correlated report NIC023 in a View.

This will show you when a monitored device stops sending data.

 

I hope this helps

 

Thanks

 

Tim

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.