AnsweredAssumed Answered

(Urgent) RSA NetWitness timeframe rule

Question asked by Haitham AbuHejleh on Apr 12, 2019
Latest reply on Apr 23, 2019 by Haitham AbuHejleh

Hi ,

 

I need urgent help in creating NetWitness rule as below:

1- MS DC users who logged in during a specific time frame (e.g. from 6:00PM-to-6:00AM).
2- MS DC users who upgraded into admin.
3- MS DC users who did brute-force attempts.

 

Looking forward to hearing from you asap

 

Haitham

Outcomes