This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Announcements

RSA NetWitness® Platform Discussions

Discussions about the RSA NetWitness Platform.
OrnaldoNaqellar
Beginner
Beginner
‎2019-01-11 02:17 AM

Windows Off Hours Logins Report

Hello,

I have created a build rule:

reference.id ='4624' && ec.activity="Logon" && device.type='winevent_nic' && logon.type !='3' && logon.type !='5'

Based on that rule i have created reports and schedule it to run daily at 23:45 so i can have activity from: 18:00 (

past day)  - 07:45 ( That day).
But i have noticed that i do not get the result correct. I now users that have been logged at 19:00
but there are not showing at report.

Please any advice ?
Labels (1)
Labels
0 Likes
Reply
2 Replies
MYNUR
New Contributor
New Contributor
‎2019-01-13 10:51 PM

hello, question here. is your event detected? and date timestamp is parsed?

0 Likes
Reply
OrnaldoNaqellar
Beginner
Beginner
In response to MYNUR
‎2019-01-14 02:50 AM

Hello. yes we are receiving logs from our AD with windows events. Even with the time stamp

0 Likes
Reply
© 2021 RSA Security LLC or its affiliates.
All rights reserved.