This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

ESA Rule- How to avoid reiteration of notification in console

VarunGovindaraj
Contributor
Contributor

‎2020-02-19 05:28 AM

Hi,

 

For the ESA Rule is there an option not to create additional notifications for certain time post first notification. For example lets take an alert logic where the requirement is to alert multiple failed login attempted by User A for 5 times in 2 minutes where in I could create rule logic but could not restrict in such a way that once alert has triggered alert for same user should not be triggered for say next 6 hours.

 

Any suggestions is much appreciated.

 

Regards,

Varun P G

0 Likes
3 REPLIES 3

sravan.koneti
Respected Contributor Respected Contributor
Respected Contributor

‎2020-02-19 05:39 AM

Varun Govindaraj‌,

 

Please use OUTPUT FIRST EVERY 6 hours; syntax in Rule for supressing duplicate alerts for 6 hours.

 

Refer https://community.rsa.com/docs/DOC-104243 

VarunGovindaraj
Contributor
Contributor

‎2020-02-19 07:42 AM

Hi Sravan,

 

Would there be any performance issue which I should think about on the time window?

 

Regards,

Varun P G

0 Likes

sravan.koneti
Respected Contributor Respected Contributor
Respected Contributor
In response to VarunGovindaraj

‎2020-02-20 12:37 AM

Hi Varun Govindaraj‌,

This will not impact performance of ESA. But, advances to avoid duplicate alerting.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.