2016-11-02 10:38 AM
I have to migrate alerts to Envision to Security Analytics and i have doubts, about it.
How can I add?
cache set: Name = user1 and Variable Associate With = username
filter set: variable = username comparasion = IN cache value = user1
Thanks
2016-11-03 11:04 AM
If you see the screenshots,
there is a field CACHE SET with sourceIP associate with variable client_ip.
2016-11-03 16:00 GMT+01:00 Naushad Kasu <no-reply@rsa.com>:
<https://community.rsa.com/?et=watches.email.thread>
Re: How to create alert with variable set and filter set?
reply from Naushad Kasu
<https://community.rsa.com/people/psGMi56HbaehtdgCfBAG3odxAUvR7AXvWAoBnEVSrTM=?et=watches.email.thread>
in RSA NetWitness Suite - View the full discussion
<https://community.rsa.com/message/882153?commentID=882153&et=watches.email.thread#comment-882153>
2016-11-03 11:17 AM
I believe that is a performance feature for enVision which you can ignore in Security Analytics (I'm fairly positive). See the discussion below regarding cache set variables vs multi-threading in enVision:
https://community.rsa.com/message/711808?commentID=711808#comment-711808