Ok cool.
Can you edit the correlation rule to look like this - i.e. add the Provider *USB* condition and also adjust the response window to 5 minutes? Can you also make sure to click Activate Rules on the main Build - Rules page?
↧
Channel:
THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
X
Are you the publisher?
Claim or
contact us
about this channel.
X
0
Channel Details:
- Title: THWACK: Message List - Security Event Manager (SEM) - Formerly Log & Event Manager
- Channel Number: 13526340
- Language: English
- Registered On: May 17, 2013, 5:14 am
- Number of Articles: 5385
- Latest Snapshot: February 19, 2020, 1:10 pm
- RSS URL: http://thwack.solarwinds.com/community/feeds/messages?community=2029
- Publisher: https://thwack.solarwinds.com/community/it-security/security-event-manager-sem?view=discussions
- Description: Most recent forum messages
- Catalog: //event36.rssing.com/catalog.php?indx=13526340
© 2025 //www.rssing.com