should be able to, do it by same destination IP and two signature IDs.
Thanks, but how would it look? Which signature IDS?
Not sure what the signature IDs are, but you can find it in event drill down. so, it will be something like:
- with in 10 minutes
- group by source IP
- unique destination IP = 1
- contains signature A and B
Would I need a destination IP?
I am thinking:
New correlation rule
First check for IP range - ( Can I define a subnet range?)
Check for 278-302014
maybe you do. I am not exactly sure what you wanted to do with your correlation rule.