Sorry for such a simple questioni
I had a simple ESA rule that was working prior to upgrading to 22.214.171.124. but now it's not triggering anymore and gives an error about in incorrect use of an OR clause or something to that effect
The rule basically goes.
If alert contains 'panda' OR 'bear' OR 'spider' AND IP address is not 126.96.36.199 then generate an alert and notify by email.
Rather than trying to troubleshoot the old rule, I'm happy to just create a new, working one. Could someone help me in how this would look in the rule builder?