1 Reply Latest reply on Feb 26, 2016 6:02 AM by rlourenco

    Monitoring Critical Services/Applications through ESM Nitro

    socgt

      Dear All,

       

      We are using ESM Nitro ver 9.5.2. We have deployed the SIEM collector agent on our Windows Server 2008R2 servers. We have some critical services running on these servers, for instance Snort. We want to create a Risk Based Correlation so that if any of our critical services/applications goes down, an alarm should be generated for it.

       

      Kindly advise how to create a Risk Based Correlation to monitor our critical services.

       

      Regards,

       

      Fahad.

        • 1. Re: Monitoring Critical Services/Applications through ESM Nitro
          rlourenco

          Hi

          From what you described, I don't think you want a risk-based rule, as risk-based rules will trigger based on thresholds and weightings assigned to assets. What you said you wanted is an alarm when a service or application goes down.

          If it's a service, you can monitor it using the following type of rule:

          Signature ID in 43-216070360

          Command in Stopped

          Application in "Application or Service display name"