This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

@RSAAlert in Advanced EPL

MaximilianoCitt
Frequent Contributor
Frequent Contributor

‎2019-04-08 01:14 PM

Hi everyone, Did anyone have information about the RSAAlert parameters for Advanced EPL rules? Especially the "oneInSeconds" param means and wich are it boundaries?

 

Thanks in advance

0 Likes
3 REPLIES 3

JamesMoon
Frequent Contributor Frequent Contributor
Frequent Contributor

‎2019-04-08 06:49 PM

Hi Maximiliano,

@RSAAlert is an annotation that's required to generate alert notifications.

oneInSecords is a legacy annotation and only applies to SA 10.3. It used to be Security Analytics’ notification suppression.

 

Please find more information on @RSAAlert from https://community.rsa.com/docs/DOC-80047.

MaximilianoCitt
Frequent Contributor
Frequent Contributor
In response to JamesMoon

‎2019-04-09 10:53 AM

Thank you very much James! I have read the article before, but it doesn't mention about the oneInSeconds parameters. I wonder if there is any way to suppress an alert output beyond the 100 minutes of the notification box restriction.

0 Likes

Anonymous
Not applicable
In response to MaximilianoCitt

‎2019-04-09 03:02 PM

Maxi, have you tried the "output first every X hours" on the advanced EPL Rule? You can combine it with the identifiers attribute on the @RSAAlert.

 

Abrazo.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.