2 Replies Latest reply on Jun 4, 2014 5:20 PM by infosec_wizard

    Alarm on deviations from baseline

    alfoc

      Hi everybody!

       

      I'm SIEM ESM 9.3.2 user. How can I create an alarm on deviations from baseline for total event count?

       

      For example, I want monitoring the deviations shown by a view "Event Distribution Bound to Event Summary".

      A single alarm for each data source does not work, because the view "Event summary" (with baseline) doesn't shown the missing events (but only the events detected).

       

      In your opinion, which is the best practise for monitoring malfunctions (lack of data) of the data sources?

       

      Thank you