7 Replies Latest reply on Apr 19, 2015 3:31 AM by ansarias

    Automatic response aggregation


      I want to create an automatic response for automatic threat event handling. I have done all the options except the aggregation part. Below are the requirements for aggregation.


      Suppose on Monday 5 events are generated for system XXX and 5 for system YYY. I need to trigger this response once for system XXX and once for system YYY. Meaning, it should group events based on Target host name.


      Also, it should trigger once in a week for one system. The number of events should be at least 1.


      Can someone help me with this, please?