Imre Balazs

correlated alert based on preceding event happened

Discussion created by Imre Balazs on Oct 6, 2009
Latest reply on Oct 7, 2009 by Imre Balazs

Hi, 

 

How would you create a correlation rule which alerts on events that should have had a preceding event? I mean, a user is accessing some resources (event1) without a login event (event0) having been received before.

 

Thanks,

Balazs
