Is it possible to create a correlation rule with an accumulator field?
For example:
I want to create this rule:
Destination IP is 220.127.116.11 and destination port is 389 and sent_bytes > 100000 (total) in a time frame of 10 minutes, and group by source IP.
Is it possible?
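
The logic the post asks for, written out as stand-alone Python: filter on destination, keep a running sum of sent_bytes per source IP, and expire events older than 10 minutes. This is an added example, not ESM rule syntax and not from the original poster; the event field names (`ts`, `src_ip`, `dst_ip`, `dst_port`, `sent_bytes`) and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

DST_IP = "220.127.116.11"   # destination IP from the post
DST_PORT = 389              # destination port from the post
THRESHOLD = 100_000         # total sent_bytes that must be exceeded
WINDOW = 600                # 10 minutes, in seconds

def ev(ts, src, sent, dst=DST_IP, port=DST_PORT):
    """Build one event dict (hypothetical field names)."""
    return {"ts": ts, "src_ip": src, "dst_ip": dst, "dst_port": port, "sent_bytes": sent}

def correlate(events):
    """Return [(src_ip, ts, total)] for each source whose summed sent_bytes to
    DST_IP:DST_PORT exceeds THRESHOLD inside a sliding WINDOW.
    Events must be sorted by ts (epoch seconds)."""
    windows = defaultdict(deque)   # src_ip -> deque of (ts, sent_bytes)
    totals = defaultdict(int)      # src_ip -> accumulated bytes in the window
    alerts = []
    for e in events:
        if e["dst_ip"] != DST_IP or e["dst_port"] != DST_PORT:
            continue                       # filter: only the watched destination
        src, win = e["src_ip"], windows[e["src_ip"]]
        win.append((e["ts"], e["sent_bytes"]))
        totals[src] += e["sent_bytes"]
        # Drop events that fell out of the window (t - WINDOW, t].
        while win and win[0][0] <= e["ts"] - WINDOW:
            totals[src] -= win.popleft()[1]
        if totals[src] > THRESHOLD:
            alerts.append((src, e["ts"], totals[src]))
            win.clear()                    # reset so one burst raises one alert
            totals[src] = 0
    return alerts

# Constructed sample events, sorted by timestamp.
SAMPLE = [
    ev(0,   "10.0.0.5", 40_000),
    ev(0,   "10.0.0.6", 60_000),
    ev(100, "10.0.0.7", 500_000, port=443),          # wrong port: ignored
    ev(150, "10.0.0.8", 200_000, dst="192.0.2.10"),  # wrong destination: ignored
    ev(200, "10.0.0.5", 40_000),
    ev(400, "10.0.0.5", 30_000),                     # 110,000 within 10 min: alert
    ev(700, "10.0.0.6", 60_000),                     # first event expired: no alert
]

if __name__ == "__main__":
    for src, ts, total in correlate(SAMPLE):
        print(f"ALERT src={src} ts={ts} total_sent_bytes={total}")
```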