Balazs Imre

correlated alert based on preceding event happend

Discussion created by Balazs Imre on Oct 6, 2009
Latest reply on Oct 7, 2009 by Balazs Imre

Hi, 

 

How would you create a correlation rule which alerts on events that should have had a preceding event, I mean a user is accessing some resources (event1) without having a login event (event0) received before.

 

Thanks,

Balazs

Outcomes