Morning All, quite new to this......I'm trying to set up a correlation rule that shows users logged on over 12 hours............thank you
You will need to have at least 2 events for this.
Often you can build these types of correlation rules by looking for the login event, and absence of the logout event. This requires a logout event in addition to the login. You will want to group by Source User.
Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center