RSA Admin

Dynamic lists

Discussion created by RSA Admin Employee on May 3, 2012
Latest reply on May 14, 2012 by securitysavy
Hi all, I need dynamic lists (like active lists in ArcSight) to use in correlation alerts. I cannot modify watchlists as an output action, so I do not know how to do it. This kind of list could be useful for monitoring, for example, if I want to know which users are currently logged in or which machines are currently updated. Has anybody tried to define these correlation rules? Thank you. Best regards!
