This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

How to create alert with variable set and filter set?

elenamaria
Beginner
Beginner

‎2016-11-02 10:38 AM

I have to migrate alerts to Envision to Security Analytics and i have doubts, about it.
How can I add?
cache set: Name = user1 and Variable Associate With = username
filter set: variable = username comparasion = IN cache value = user1

 

Thanks

0 Likes
11 REPLIES 11

elenamaria
Beginner
Beginner
In response to NaushadKasu1

‎2016-11-03 11:04 AM

If you see the screenshots,

there is a field CACHE SET with sourceIP associate with variable client_ip.

 

2016-11-03 16:00 GMT+01:00 Naushad Kasu <no-reply@rsa.com>:

 

 

<https://community.rsa.com/?et=watches.email.thread>

Re: How to create alert with variable set and filter set?

 

reply from Naushad Kasu

<https://community.rsa.com/people/psGMi56HbaehtdgCfBAG3odxAUvR7AXvWAoBnEVSrTM=?et=watches.email.thread>

in RSA NetWitness Suite - View the full discussion

<https://community.rsa.com/message/882153?commentID=882153&et=watches.email.thread#comment-882153>

 

0 Likes

NaushadKasu1
Trusted Contributor Trusted Contributor
Trusted Contributor
In response to elenamaria

‎2016-11-03 11:17 AM

I believe that is a performance feature for enVision which you can ignore in Security Analytics (I'm fairly positive).  See the discussion below regarding cache set variables vs multi-threading in enVision:

 

https://community.rsa.com/message/711808?commentID=711808#comment-711808 

© 2022 RSA Security LLC or its affiliates. All rights reserved.