alfoc
Message 1 of 3

Alarm on deviations from baseline

Hi everybody!

I'm a SIEM ESM 9.3.2 user. How can I create an alarm on deviations from baseline for total event count?

For example, I want to monitor the deviations shown by the view "Event Distribution Bound to Event Summary".

A single alarm for each data source does not work, because the view "Event summary" (with baseline) doesn't show the missing events (but only the events detected).

In your opinion, which is the best practice for monitoring malfunctions (lack of data) of the data sources?

Thank you


2 Replies
alfoc
Message 2 of 3

Re: Alarm on deviations from baseline

OK, I've the key!

System Properties -> Alarms -> Condition -> Type: Deviation From Baseline

Re: Alarm on deviations from baseline

Can you provide more details on how you configured this? Which query / filters did you use to accomplish this?
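
The problem raised in the first message, that a summary built only from detected events never shows a silent data source, can be illustrated outside the product. The following is an added example, not code from the thread and not ESM's implementation; the source names, counts and the 50% threshold are constructed assumptions.

```python
from statistics import mean

# Constructed sample data: event counts per data source over past intervals.
HISTORY = {
    "fw-edge": [1000, 1100, 900, 1000],
    "dc-auth": [200, 220, 180, 200],
    "proxy": [500, 500, 500, 500],
}
# Constructed counts for the current interval. "dc-auth" sent nothing,
# so it has no row at all (it is absent, not present with a zero).
CURRENT = {"fw-edge": 1050, "proxy": 1200}


def deviation_pct(baseline, observed):
    """Signed deviation of observed from baseline, in percent."""
    return round((observed - baseline) * 100.0 / baseline, 1)


def alarms_from_seen_events(history, current, threshold_pct):
    """Check only sources that produced events, as a summary of detected events does."""
    hits = {}
    for source, observed in current.items():
        past = history.get(source)
        if not past or mean(past) == 0:
            continue  # no usable baseline for this source
        dev = deviation_pct(mean(past), observed)
        if abs(dev) >= threshold_pct:
            hits[source] = dev
    return hits


def alarms_from_inventory(history, current, threshold_pct):
    """Check every source that has a baseline; a missing row counts as 0 events."""
    hits = {}
    for source, past in history.items():
        base = mean(past)
        if base == 0:
            continue  # a source that is normally silent cannot deviate downward
        dev = deviation_pct(base, current.get(source, 0))
        if abs(dev) >= threshold_pct:
            hits[source] = dev
    return hits


if __name__ == "__main__":
    print("seen-only:", alarms_from_seen_events(HISTORY, CURRENT, 50.0))
    print("inventory:", alarms_from_inventory(HISTORY, CURRENT, 50.0))
```

Driving the check from the list of expected sources rather than from the events received is what makes the silent source appear as a -100% deviation.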