Doesn't work for me either.
We use this in our environment and it works fine. Our condition is just Device Status Change > Idle Time > 10 minutes in our case. Maybe it isn't your condition but the Action that is the problem?
What's the action of your alert? And what version of ESM are you running? Thanks.
For our actions we have Log event, Auto-acknowledge, and Send Message enabled. Also, and this should go without saying, make sure you actually have the alarm Enabled (checkbox) so it's turned on.
We're running version 10.1.1 (just came out a few weeks ago).
Good to know, will give it another try once I upgrade to 10.1.1.
Maybe this can help:
Name: Device Status for Critical Devices
Condition: Type: Device Status Change, Health Monitor Status: Idle Time, Maximum Condition Trigger Frequency: TIME YOU REQUIRED
Devices: Select the Devices you wish to monitor
Actions: The Action you wish to take
No need to upgrade the SIEM.
I am sure that I have configured it correctly, but don't know why it just doesn't trigger when conditions are met.
It's working for me; we need to check "connection" & "Idle". That's when I was able to produce alerts. Thanks guys.