
ESA alert not triggering

Question asked by RSA Admin Employee on May 20, 2015
Latest reply on May 26, 2015 by Lee Kirkpatrick

Hi all,

I have created a simple alert in ESA; however, it is not triggering at all. The meta keys used in correlation are device_type and ec_outcome, and it needs to trigger when it reaches a threshold of, say, 50 events. The rule shows as valid.

Can someone help me with some pointers as to why this is not triggering?

Please refer to the attached images showing the correlation rule and a sample log file with meta key details.

Thanks in advance!!
