Imre Balázs

correlated alert based on preceding event happend

Discussion created by Imre Balázs on Oct 6, 2009
Latest reply on Oct 7, 2009 by Imre Balázs

Hi, 

 

How would you create a correlation rule which alerts on events that should have had a preceding event, I mean a user is accessing some resources (event1) without having a login event (event0) received before.

 

Thanks,

Balazs

Outcomes