28 Replies. Latest reply on May 27, 2016 12:13 PM by asadz

    Anomaly rule brute force scanning activity

    asadz

      Hello,

       

      I'm writing my first correlation rule (McAfee ESM ver 9.5.2). Please see the attachment for the rule logic. In words, the rule means:

       

      "any source to a single destination on fixed port 443, 100 events in one minute"

       

      Thanks

       

      rule.PNG

       

      The problem is that I'm unable to get this rule to fire.
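
The logic the post describes (any source, one destination, port 443, 100 events in one minute), written out as an added Python example that is not part of the original post and is not McAfee ESM rule syntax. The event tuple layout, the function names and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

THRESHOLD = 100      # events, from the rule description in the post
WINDOW_SECONDS = 60  # "in one minute"
DST_PORT = 443       # fixed destination port

def correlate(events, threshold=THRESHOLD, window=WINDOW_SECONDS, port=DST_PORT):
    """Return a list of alerts (dst_ip, first_ts, last_ts, distinct_sources).

    events: iterable of (timestamp_seconds, src_ip, dst_ip, dst_port),
    sorted by timestamp (assumed layout). Events are grouped by destination
    only, so any mix of sources counts toward the same threshold.
    """
    windows = defaultdict(deque)   # dst_ip -> deque of (ts, src_ip)
    alerts = []
    for ts, src, dst, dport in events:
        if dport != port:
            continue               # filter: only the fixed port
        q = windows[dst]
        q.append((ts, src))
        # Drop events that have aged out of the sliding window.
        while q and ts - q[0][0] >= window:
            q.popleft()
        if len(q) >= threshold:
            alerts.append((dst, q[0][0], ts, len({s for _, s in q})))
            q.clear()              # reset so one burst yields one alert
    return alerts

def sample_events():
    """Constructed sample data, not taken from any real log."""
    events = []
    # 120 events in 30 s from 4 sources to 10.0.0.5:443: fires once.
    for i in range(120):
        events.append((i * 0.25, f"192.0.2.{i % 4 + 1}", "10.0.0.5", 443))
    # 100 events spread over 200 s to 10.0.0.6:443: too slow, no alert.
    for i in range(100):
        events.append((i * 2.0, "192.0.2.9", "10.0.0.6", 443))
    # 150 fast events to 10.0.0.7 on port 80: removed by the port filter.
    for i in range(150):
        events.append((i * 0.1, "192.0.2.10", "10.0.0.7", 80))
    return sorted(events)

if __name__ == "__main__":
    for alert in correlate(sample_events()):
        print(alert)
```

The three constructed streams separate the conditions that all have to hold at once: the port filter, grouping by destination only, and the count falling inside a single window.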
