Multi-Thread and Baseline Threshold

Discussion created by RSA Admin Employee on Jun 11, 2008
Latest reply on Sep 6, 2010 by GrzegorzF

Has anybody tried using/creating a correlated rule that uses the baseline threshold and multi-threading on a particular variable (dport, sport, laddr, sadd, etc.) in the field? Is it possible to alert on a percentage deviation from a min/hour/day baseline?

Any input would be greatly appreciated.