This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

zero size in correlation rule

Anonymous
Not applicable

‎2014-01-22 02:16 PM

i have made a correlation rule for 5 or more than 5 time  failed logon on a single ip or single destination but when alert goes hit then we are not able to see meta key, in event viewer it showing 0 size.

refer attached screen shot.

Preview file
1454 KB
0 Likes
4 REPLIES 4

Anonymous
Not applicable

‎2014-01-23 03:10 PM

ive seen the same since i implemented 2 correlation rules, i figured it was SOP for SA.

0 Likes

Anonymous
Not applicable
In response to Anonymous

‎2014-01-24 12:45 AM

SOP means? do you have any solution of this issue?

0 Likes

Anonymous
Not applicable

‎2014-01-24 10:54 AM

standard operating procedure.

0 Likes

Anonymous
Not applicable

‎2014-03-05 10:03 AM

so whats the solution for correlation alert, can we get correlated alert on our mail id without using any ESA appliance because i am not able to set any output action on mention correlated alert.

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.