This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA enVision® Discussions

Browse the RSA enVision discussion board to get product help and collaborate with other users of RSA enVision.
RSAAdmin
Beginner
Beginner
‎2013-05-04 11:50 PM

Need to Create a Rule for device not sending logs for more than 1 hour in RSA Envision

Hi All,

Can anyone help me to write a correlation rule for the device not sending logs for more than 1 hour. I already have rule for device not sending logs for more than 4 hours, but the client requirement is that he wants the alert for the devices not sending logs for more than 1 hour.

 

Any help would be greatful.

 

Regards,

Samad M

0 Likes
Reply
4 Replies
areebasad
Beginner
Beginner
‎2013-05-05 03:01 AM

Samad,

 

Try the Attached Correlation Rule.

 

Regards

Preview file
3 KB
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to areebasad
‎2013-05-05 03:47 AM

Hi Areeb,

 

Thanks for the info.

 

Would be greatful if you can share the html file for the same.

 

Thanks,

Samad

0 Likes
Reply
areebasad
Beginner
Beginner
In response to RSAAdmin
‎2013-05-05 03:58 AM

Hi,

 

Here is the HTML

Correlation Rule Details.zip
0 Likes
Reply
RSAAdmin
Beginner
Beginner
In response to areebasad
‎2013-05-05 04:04 AM

Thanks Areeb...I will Check this and update.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.