correlation rule

Discussion created by RSA Admin Employee on Apr 27, 2012
Latest reply on May 3, 2012 by RSA Admin
Hi, I need to configure a correlated alert for denied connections on a firewall from a single source IP, where the threshold is 2000 connections denied in 5 minutes. I made the rule, but the output is not coming out correctly. How do I define a filter or cache and multithreading in this rule for a single source IP?
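
The counting logic the post describes (2000 denied connections from one source IP within 5 minutes), as an added example that is not part of the original thread and is not RSA rule syntax. It assumes events arrive sorted by time as `(epoch_seconds, src_ip, action)` tuples; the function names and the sample data are constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 2000      # denied connections, from the post
WINDOW_SECONDS = 300  # 5 minutes, from the post

def detect_deny_bursts(events, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """events: iterable of (epoch_seconds, src_ip, action), sorted by time.
    Returns one (src_ip, window_start, alert_time) tuple per burst."""
    recent = defaultdict(deque)   # per-source cache of deny timestamps
    alerts = []
    for ts, src, action in events:
        if action != "deny":      # filter: only denied connections count
            continue
        q = recent[src]
        q.append(ts)
        # Slide the window: drop denies older than `window` seconds.
        while q and ts - q[0] >= window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((src, q[0], ts))
            q.clear()             # count afresh so one burst raises one alert
    return alerts

def sample_events():
    """Constructed sample data (documentation IP ranges), not real logs."""
    events = []
    # Noisy source: 10 denies per second for 200 s = 2000 denies.
    for i in range(2000):
        events.append((1000 + i // 10, "203.0.113.7", "deny"))
    # Slow source: 2000 denies, but only 1 per second (max 300 per window).
    for i in range(2000):
        events.append((1000 + i, "198.51.100.9", "deny"))
    # Permitted traffic from a third source must be ignored.
    for i in range(3000):
        events.append((1000 + i // 20, "192.0.2.50", "permit"))
    return sorted(events, key=lambda e: e[0])

if __name__ == "__main__":
    for src, start, end in detect_deny_bursts(sample_events()):
        print(f"ALERT {src}: {THRESHOLD} denies between t={start} and t={end}")
```

Keying the cache on the source IP is what keeps many quiet sources from adding up to a false alert; a single global counter would fire on the combined total.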
