Zachery

Correlation Rules for Virus Alerts

Discussion created by Zachery on Dec 21, 2011
Latest reply on Jan 11, 2012 by Zachery
Hi all, what would be the best way to set up a correlation rule if I want to alert when, say, the same virus has been detected again within a one-week period? So if virus X is detected on Monday and another X virus is detected on Friday, it will generate an alert? Should it be multithreaded so it will start a new thread whenever a new virus is detected? Thanks.
