cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Highlighted
GideonTriple
GideonTriple
Level 8
Report Inappropriate Content
Message 1 of 2
‎06-14-2018 01:36 AM

Correlation over a period of time

Jump to solution

I have two events I am trying to correlate together, for the example we will say that one is administrative login and the other is a change in the firewall.
I would like it to be configured so that if an event showing admin login has occured in the last 12 hours and then there is a change in the firewall, I'd like to get a notification for it.
Currently I set the time window to 12 hours, I am not sure if this will grant me the required result.
Thanks in advance for any support

Labels (3)
1 person had this problem.
0 Kudos
Reply
1 Solution

Accepted Solutions
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 2
‎11-04-2018 02:55 AM

Re: Correlation over a period of time

Jump to solution

Hi, 

it seem's good.

just confirm that there's a "AND" gate for both events.

 

Best regards

David

Reply
1 Reply
David1111
Reliable Contributor David1111
Reliable Contributor
Report Inappropriate Content
Message 2 of 2
‎11-04-2018 02:55 AM

Re: Correlation over a period of time

Jump to solution

Hi, 

it seem's good.

just confirm that there's a "AND" gate for both events.

 

Best regards

David

Reply
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator