Hi, Could you please let me know how can I suppress like event in ESM ?
For example - After first event I should get same event after 5 hits or only one event in 2 min.
Here in below screenshot I just want to get one event after 5 hits or 1 event in 2 min of "user device logon" whenever the same user login from same IP.
Aggregation setting on receivers was set to default and is on for this rule but I don't see its working.Please suggest.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center
2821 Mission College Blvd.
Santa Clara, CA 95054 USA
Consumer Support | Enterprise Support | McAfee.com
Legal | Privacy | Copyright © 2019 McAfee, LLC