Solved: McAfee Support Community - Does anyone one know how to filter by event count?

paul.k · ‎04-28-2017

Dear community,

I am trying to generate some reports where I pick out a source or destination IP when a certain event count threshold is met

For example

all source IP addresses greater than 1000 Total Event count .

While I see more than one way to display this data, i can't find a way to create a report, or a view to display this data with the filter in mind.

Does any one have any clue if this is even possible?

Thanks

andy777 · ‎05-08-2017

Have you considered creating correlation rules for the thresholds and reporting on those events when they fire?

andy777 · ‎05-08-2017

Have you considered creating correlation rules for the thresholds and reporting on those events when they fire?

paul.k · ‎05-08-2017

I did but I am trying to avoid creating unnecessary correlation hits.

It's also not quite what I am looking for.

Good Idea though. I might just have to consider doing that in historical mode.

paul.k · ‎05-17-2017

Andy,

I figured that out in the last a few days ago.

Been meaning to reply.

Thanks,

cristianradu · ‎03-27-2019

How did you managed to filter based on event count?

Does anyone one know how to filter by event count?