Hi,
I want to ask regarding the possibility to create use case (to get alert) where we want to track situation where some specific user did not logged into the system (for example on Windows machine) more then 15 days.
Is it possible to be done using Netwitness ESA correlation engine?
Regards
Thank you Sravan,
I will try that.
Is there any possibility in the Netwitness to put results of the rule into one list (where I can define time to live) and later on to create another rule to use those results if needed?
Regards
What I want to ask you is there any possibility using one ESA rule to automatically populate a list and later on I can create another rule (or rules) and use the data from that list (which is automatically populated using the first rule) .
Thanks
Hi Petar Nikovic,
I don't see any option to create list from ESA. But, i can create list with with Report using Dynamic list in Schedule of report. Reporting: Schedule Report Panel
Hi Sravan,
Tnx for the quick answer.
One more question: When I populate that Dynamic list with Report can I use ESA rule or Incident rule to use that list (use the results from that list) ?
Can I define time to live period for the values in that Dynamic list?
Regards
ESA script outputs + Context Hub Lists sounds like what you're looking for here:
I think that is it.
Thank`s a lot guys
Hi Petar Nikovic,
Please Create a list with users in Reports->List
Create a rule with Where User = <the list created> Run for last 15 days.
Then Will have to compare the results with list to find did not logged in for 15 days.
ESA used only for real-time correlation.