Hi Guys,
I am new to RSA, so your response is much appreciated.
I would like to generate an alert for any device which is not reporting for more than 1 day.
Kindly help me with the logic to build the alerts.
Hi Mohammed,
you can try two options.
Option 1:
Navigate to Administration -> Event Sources -> Monitoring Policies page.
Here you can enable policies for each device type to alert if no logs are received for a certain period.
Reference: ESM: Monitoring Policies Tab
Option 2:
Go to Live and deploy the "No logs traffic from device in given time frame" ESA rule.
Modify the rule to specify each device IP to monitor and report an alert.
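To make the underlying logic of both options concrete, here is an added, tool-agnostic example written for this thread; it is not RSA NetWitness code and not the contents of the Live ESA rule. It tracks the newest event timestamp per device over a constructed sample log feed, compares it against a fixed reference time, and flags every monitored device whose last event is older than the threshold (1 day here). It also flags a monitored device that never appears in the feed at all, since a device with no events has no "last seen" value and a pure age comparison would silently skip it. The log format, device IPs and timestamps are constructed for the example.

```python
"""Device-silence detector: flag any monitored log source whose newest
event is older than a threshold, or that has sent nothing at all.

Added example for illustration; not RSA NetWitness code and not the
"No logs traffic from device in given time frame" ESA rule.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample feed, one event per line:
# "<ISO-8601 timestamp> <device_ip> <message>"
SAMPLE_LOGS = """\
2024-03-10T08:00:00Z 10.0.0.5 sshd accepted publickey for ops
2024-03-10T09:15:00Z 10.0.0.7 kernel: link up eth0
2024-03-11T07:59:00Z 10.0.0.5 sshd session closed for ops
2024-03-11T12:30:00Z 10.0.0.9 firewall: policy reload
"""

# Constructed inventory of devices that are expected to report.
# 10.0.0.11 is deliberately absent from SAMPLE_LOGS: a device that has
# never logged must still raise an alert.
MONITORED_DEVICES = {"10.0.0.5", "10.0.0.7", "10.0.0.9", "10.0.0.11"}

SILENCE_THRESHOLD = timedelta(days=1)

# Fixed reference time so the example is reproducible offline.
EXAMPLE_NOW = datetime(2024, 3, 12, 8, 0, tzinfo=timezone.utc)


def last_seen(log_text):
    """Return {device_ip: newest event timestamp} over the log lines."""
    seen = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_str, device, _msg = line.split(" ", 2)
        # "Z" suffix is UTC; fromisoformat() wants an explicit offset.
        ts = datetime.fromisoformat(ts_str.replace("Z", "+00:00"))
        if device not in seen or ts > seen[device]:
            seen[device] = ts
    return seen


def silent_devices(log_text, monitored, now, threshold=SILENCE_THRESHOLD):
    """Return a sorted list of (device_ip, last_seen_or_None) for each
    monitored device whose newest event is older than `threshold`, or
    that has no event at all (last_seen is None in that case)."""
    seen = last_seen(log_text)
    alerts = []
    for device in monitored:
        ts = seen.get(device)
        if ts is None or now - ts > threshold:
            alerts.append((device, ts))
    return sorted(alerts)


def format_alerts(alerts, now):
    """Render alert tuples as human-readable lines."""
    lines = []
    for device, ts in alerts:
        if ts is None:
            lines.append(f"ALERT {device}: no events received at all")
        else:
            lines.append(
                f"ALERT {device}: last event {ts.isoformat()} ({now - ts} ago)"
            )
    return lines


if __name__ == "__main__":
    alerts = silent_devices(SAMPLE_LOGS, MONITORED_DEVICES, EXAMPLE_NOW)
    for line in format_alerts(alerts, EXAMPLE_NOW):
        print(line)
```

With the constructed data, 10.0.0.9 reported 19.5 hours before the reference time and is not flagged; 10.0.0.5 (one day and one minute old), 10.0.0.7 (almost two days old) and 10.0.0.11 (never seen) are. Whatever product runs the check, the two inputs that matter are the same: an up-to-date inventory of devices that should report, and a per-device newest-event timestamp compared against the threshold.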