I created an ESA advanced rule to detect the command "monitor session" from
a Cisco ACS device. The rule requirement is simple, but I have to use the
Advanced one, because the meta "Action" is an array. Here below is the code; I
got it from another post. I can sync to E...
I am new with Esper. I am trying to create an ESA advanced rule to detect
system configuration during trading hours. This is what I created, using the
"current_timestamp" function to see whether it is Mon-Fri 9am-5:59pm.
While I save the rule, I got no val...
I have changed the rules as follows for testing of the event_time
statement, but still no luck: SELECT * FROM Event( /* Statement:
WindowsDeviceChange */ (device_type IN ( 'winevent_nic' ) AND
(event_time*1000).getHourOfDay() in (9,10,11,12,13,14,15,16...
Hi Lee, SELECT * FROM Event WHERE action.anyOf(i =>
i.toLowerCase().contains("monitor") and device_type IN
('ciscosecureacs')) I created a rule with the above statement, but it is
not working, and I found an error log in ESA as below: "Expected array-type