0 Replies Latest reply on Aug 14, 2014 9:45 AM by pfabrizi

    ePolicy Orchestrator Correlations


      I am trying to create a correlation rule with the following configuration:


      Device = ePolicy Orchestrator - ePolicy Orchestrator_VirusScan (ePO)

      AND   Threat_Category = av.detect,av.pup

      AND   Threat_Name [does not begin] JS/


      I added this - threat_name not in (/^JS/)  


      When I deployed the rule, the only option I had was to go to EPO itself, not the individual device, and when I went to EPO in ESM to enable it, there is only log parser in the policy editor but nothing for correlation rule.




      Will the regex for the threat_name work?


      Is there a way to apply the correlation rule to ePolicy Orchestrator?




      Thank You!