This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2012-07-09 08:35 AM

Event Trigger time in Correlation rule

Dear All, Please help me in writing a correlation rule to trigger the alert if some event happens between certime timeframe , say between 10PM to 4AM. How can I configure the time frame in correlation rule? Thanks, MAK.
0 Likes
Reply
2 Replies
RSAAdmin
Beginner
Beginner
‎2012-07-10 12:01 PM

Unfortunately within correlation rules you don't have great functionality over time ranges. You will have to run scheduled jobs to start the view at 10:00 and stop the view at 16:00.

 

I have attached two .bat files which can start and stop your view by editing one line in the code. Set these up as scheduled tasks and change INSERT VIEW NAME HERE to your view name, i.e. - Failed Login

 

Hope this helps,

Lee

 

 

 

Preview file
1 KB
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to RSAAdmin
‎2012-07-10 12:02 PM

And the other...
Preview file
1 KB
0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.