cancel
Showing results for 
Search instead for 
Did you mean: 

Correlation based on Firing of another Correlation or Event

I need to create  correlation that does the following within 10 mins of another event firing.

How can this e done?

 

(Threat_Category  = av.detect,av.pup)


Within 10 minutes of


(Threat_Category  = hip.Files,nip.detect,hip.Program,hip.Registry,hip.Buffer_Overflow)

Thank You!