This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Log Outage from a device more than 1 day

MohamedIqbalBa1
Beginner
Beginner

‎2018-01-24 03:47 AM

Hi Guys,

 

I am new to RSA so your response is much appreciable. 

 

I would like to generate an alert for any device which is not reporting for more than 1 day.

 

Kindly help me with the logic to built the alerts

0 Likes
1 REPLY 1

SravanKoneti1
Beginner
Beginner

‎2018-01-24 04:41 AM

Hi Mohammed,

 

you can try two options.

Option1:

Navigate to Administration->Event Sources->Monitoring polices page.

Here you can enable polices of each device type to alert if no logs for certain period.

Reference:https://community.rsa.com/docs/DOC-84253 

 

Option2:

Go to Live and Deploy "No logs traffic from device in given time frame"  ESA rule.

Modify the rule to specify each device IP to monitor and report an alert.

© 2022 RSA Security LLC or its affiliates. All rights reserved.