View for virus attacks
I need to create a view that notifies me when a virus is moving on the network.
First of all, I created an alert called Virus; it has only one circuit, also called Virus, that fires when an event in Attack.Malicious Code is raised 10 times per minute.
Then I created a view with this Correlated Rule, but I get this status: Error in view.
Is my method good? Where do you think the mistake is?
Thanks for your answers,
enVision 4.0 SP4 P5 gives this error if you use a device group. You have to use the IP address of the device(s).
I have had a case open with support for weeks and I'm waiting, waiting, waiting... for an answer.
The pi_alert.log reports:
> 11:44:00: thrd(CPS8-AdminModifications) %NIC-4-608025: Alerter,
> Alerter, -, -, -, -, Detail: 0: 9712 view=Wink8-AdminModifications
> error no devices configured.
Reconfigure your CRL with the fixed IP of the devices and the view starts correctly.