This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Alert Configuration

Go to solution
HemantKumar1
Beginner
Beginner

‎2015-12-09 10:57 AM

We are using RSA SA 10.4 AIO without ESA.

 

How can I configure alerts such that when X amount of alerts come in of the same event, only one alert gets sent to the recipients displaying the times the event occurred.

 

Use Case:

  A group got added to the local administrators group on multiple systems within 5 minutes of each other. Currently, we will get  10 email alerts in a row. We would like one email alert showing all 10 events when it occurs within specified time frame. Eg. Within 5 minutes

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
RSAAdmin
Beginner
Beginner

‎2015-12-10 11:43 AM

Hello

 

I dont think this is possible with just he reporting engine and no ESA. It is not possible to combine alerts into one email. This is a use case for an ESA I'm afraid. With the reporting engine, you can either have the alerts sent or not.

View solution in original post

1 REPLY 1

Go to solution
RSAAdmin
Beginner
Beginner

‎2015-12-10 11:43 AM

Hello

 

I dont think this is possible with just he reporting engine and no ESA. It is not possible to combine alerts into one email. This is a use case for an ESA I'm afraid. With the reporting engine, you can either have the alerts sent or not.

© 2022 RSA Security LLC or its affiliates. All rights reserved.