We want to detect and alert if there is a remarkable hike in EPS from multiple devices. for example if 30% increase in EPS for a particular device it need to generate an alert. How simply we can achieve this
I have moved this thread to the RSA NetWitness Platform community so that you can get an answer to your question.
You may use the "Monitoring Policies" option for this under Administration -> Event Sources
Refer: ESM: Monitoring Policies Tab
Retrieving data ...