2016-12-13 12:04 PM
Hi,
I tried the ESA rule template example, which detects a sudden loss of traffic, from the sadocs ESA documentation.
https://sadocs.emc.com/0_en-us/088_SA106/50_Alrt/30_AddRulesLib/20_WrtAdvEPLRl/20_SmpAdvRl
Unfortunately, it does not work in my environment. Here is the EPL:
SELECT * FROM pattern [
    every a = Event(device_ip IN ('IP_X1','IP_X2') AND medium = 32)
    -> (timer:interval(3600 seconds)
        AND NOT Event(device_ip = a.device_ip AND device_type = a.device_type AND medium = 32))
];
Could you please help me understand why this is not working?