I am trying to generate some reports where I pick out a source or destination IP when a certain event count threshold is met:
all source IP addresses greater than 1000 Total Event count.
While I see more than one way to display this data, I can't find a way to create a report, or a view to display this data with the filter in mind.
Does anyone have any clue if this is even possible?
I did but I am trying to avoid creating unnecessary correlation hits.
It's also not quite what I am looking for.
Good idea though. I might just have to consider doing that in historical mode.