This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
MaximilianoCitt
Beginner
Beginner
‎2019-04-08 01:14 PM

@RSAAlert in Advanced EPL

Hi everyone, Did anyone have information about the RSAAlert parameters for Advanced EPL rules? Especially the "oneInSeconds" param means and wich are it boundaries?

 

Thanks in advance

0 Likes
Reply
3 Replies
JamesMoon
Employee
Employee
‎2019-04-08 06:49 PM

Hi Maximiliano,

@RSAAlert is an annotation that's required to generate alert notifications.

oneInSecords is a legacy annotation and only applies to SA 10.3. It used to be Security Analytics’ notification suppression.

 

Please find more information on @RSAAlert from https://community.rsa.com/docs/DOC-80047.

Reply
MaximilianoCitt
Beginner
Beginner
In response to JamesMoon
‎2019-04-09 10:53 AM

Thank you very much James! I have read the article before, but it doesn't mention about the oneInSeconds parameters. I wonder if there is any way to suppress an alert output beyond the 100 minutes of the notification box restriction.

0 Likes
Reply
FacundoOrsi
Beginner
Beginner
In response to MaximilianoCitt
‎2019-04-09 03:02 PM

Maxi, have you tried the "output first every X hours" on the advanced EPL Rule? You can combine it with the identifiers attribute on the @RSAAlert.

 

Abrazo.

0 Likes
Reply
© 2020 RSA Security LLC or its affiliates.
All rights reserved.