Hello. Our config is only Concentrator and Packet decoder. We do not have ESA live account. Now I would like to know how we could create custom alerts using rule builder. I tried this way > Alerts > Configure > Rule library > Rulebuilder > Conditions >
When I am trying to use metakeys it is not accepting metakeys. I am using correct syntax (ie tcp_dstport). My role permission is set to manage rules under my role by my administrator. Can any one help me with this please?