Who Me Too'd this topic

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Monitor specific event for period of time - correlation rule

dear all,

do any one have and idea how to monitor the amount of event for the period of time [alarm or correlation rule]

i need to summarized the event for example i wanna know how many sql injection attack event from a single ip for 5 minute. i know that correlation can set the threshold of the event but i want to how many event occur in 10 minute.

Dashboard can do that but i need to do with correlation or alarm because i need to user mark as review feature or acknowledge to filter out the event that i have already investigated

Who Me Too'd this topic

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community