I want to create several correlation rules but I'm currently stuck at a single point.
Let's say I want to do the following log,
Same Source IP, Same Destination IPs, Different Usernames --> Log
What would the statement be for "Same" & "Different" when it comes to Source IP or Source User?
Does anyone have an answer?
I need something similar as well.
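The logic asked about above, as an added example that is not part of the original thread and is not McAfee ESM rule syntax: in generic terms, "same" means the field is part of the grouping key and "different" means counting distinct values of the field within each group. The sample events, the 5-minute window and the threshold of 3 usernames are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not from the thread): time, src IP, dst IP, user.
EVENTS = [
    ("2019-03-01T10:00:00", "10.0.0.5", "10.0.1.20", "alice"),
    ("2019-03-01T10:00:20", "10.0.0.5", "10.0.1.20", "bob"),
    ("2019-03-01T10:00:30", "10.0.0.9", "10.0.1.20", "carol"),
    ("2019-03-01T10:00:40", "10.0.0.5", "10.0.1.20", "alice"),
    ("2019-03-01T10:01:00", "10.0.0.5", "10.0.1.20", "dave"),
    ("2019-03-01T10:30:00", "10.0.0.9", "10.0.1.20", "erin"),
]

def correlate(events, min_users=3, window=timedelta(minutes=5)):
    """Alert when one (src, dst) pair is seen with at least min_users
    distinct usernames inside a sliding time window."""
    recent = defaultdict(deque)  # (src, dst) -> deque of (time, user)
    alerts = []
    for ts, src, dst, user in sorted(events):
        now = datetime.fromisoformat(ts)
        q = recent[(src, dst)]   # "same": events are grouped on these fields
        q.append((now, user))
        while now - q[0][0] > window:  # drop events older than the window
            q.popleft()
        users = {u for _, u in q}      # "different": distinct values of this field
        if len(users) >= min_users:
            alerts.append((ts, src, dst, sorted(users)))
            q.clear()                  # reset so one burst raises one alert
    return alerts

if __name__ == "__main__":
    for alert in correlate(EVENTS):
        print(alert)
```

The repeated "alice" event does not raise the distinct count, and the 10.0.0.9 events never correlate because the second falls outside the window of the first.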