Latest reply on Sep 13, 2017 10:17 PM by tahira

    Correlation Rule Aggregation


      Hi Team,


      I have got a question on Correlation Rule based aggregation.


      As we all know, aggregation is "ON" by default on McAfee Receivers. Therefore, whenever I make a correlation rule or work on some content packs, I turn OFF aggregation because I don't want to lose more visibility (i.e. aggregate them) on event logs coming from receivers (or maybe I don't understand the concept of aggregation @ Correlation rule, if you guys can share your thoughts on it, or turning OFF Correlation on ACE would eat up ACE resources).


      Can you please suggest some best practices for making rules?


      Best Regards