I want to create several correlation rules but am currently stuck at a single point.
Let's say I want to do the following log,
Same Source IP, Same Destination IPs, Different Usernames --> Log
What would the statement be for "Same" & "Different" when it comes to Source IP or Source User?
Does anyone have an answer?
I need something similar as well.
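
As an added illustration (not part of the thread and not the product's own rule syntax): in generic correlation logic, the "same" fields form the grouping key and "different" means counting distinct values of a field inside each group over a time window. The five-minute window, the threshold of three usernames and the sample events below are assumptions constructed for this sketch.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed correlation window
MIN_DISTINCT_USERS = 3          # assumed threshold for "different usernames"

# Constructed sample events: (timestamp, source IP, destination IP, username)
SAMPLE_EVENTS = [
    ("2024-01-01T10:00:00", "10.0.0.5", "10.0.1.20", "alice"),
    ("2024-01-01T10:00:30", "10.0.0.5", "10.0.1.20", "alice"),
    ("2024-01-01T10:01:00", "10.0.0.5", "10.0.1.20", "bob"),
    ("2024-01-01T10:01:10", "10.0.0.9", "10.0.1.20", "carol"),
    ("2024-01-01T10:02:00", "10.0.0.5", "10.0.1.20", "carol"),
    ("2024-01-01T10:20:00", "10.0.0.7", "10.0.1.30", "dave"),
    ("2024-01-01T10:27:00", "10.0.0.7", "10.0.1.30", "erin"),
    ("2024-01-01T10:34:00", "10.0.0.7", "10.0.1.30", "frank"),
]

def correlate(events, window=WINDOW, min_users=MIN_DISTINCT_USERS):
    """Return one alert per (src, dst) pair that shows at least
    min_users distinct usernames within a sliding time window."""
    recent = defaultdict(deque)   # (src, dst) -> events still inside the window
    alerted = set()               # pairs already reported (suppress repeats)
    alerts = []
    for ts, src, dst, user in sorted(events):
        now = datetime.fromisoformat(ts)
        key = (src, dst)                      # "same" fields = grouping key
        q = recent[key]
        q.append((now, user))
        while q and now - q[0][0] > window:   # expire events older than the window
            q.popleft()
        users = {u for _, u in q}             # "different" field = distinct values
        if len(users) >= min_users and key not in alerted:
            alerted.add(key)
            alerts.append({"src": src, "dst": dst,
                           "users": sorted(users), "time": ts})
    return alerts

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

Repeated logins by the same username do not move a pair toward the threshold, and the 10.0.0.7 pair stays silent because its three usernames are spread over more than the window.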