I need to create a view that notifies me when a virus is moving on the network.
First of all, I created an alert called Virus; it has only one circuit, also called Virus, that fires when an event in Attack.Malicious Code is raised 10 times per minute.
Then, I created a view with this Correlated Rule. But I have this status: Error in view.
Is my method good? Where do you think the mistake is?
Thanks for your answers,