1 Reply Latest reply on Apr 30, 2013 2:19 PM by Scott Taschler

    Correlation on the same packet?

    Peter Näslund

      I'm having difficulty creating a correlation rule that will trigger on one unique packet. In this packet I would like to check for a Signature AND an Event Subtype.


      I do not want the rule to trigger on the Signature in one packet and the Event Subtype in another packet.


      I'm now getting a lot of false alarms that do not have the two conditions in the same packet.