Rule help

I'm trying to set up a rule that will send an email any time an event comes in from a specific tool alias.  Do rules specifically have to use Events or can they use Event Groups like [Any Alert]?

I'm not sure why this doesn't work.  Logically I would think it would.  But I never get the actual email for this rule even after sending some test data that should trigger the rule.

Capture.JPG

  • AnyAlert is a great starting point.  Once you narrow it down to the event, I would use the specific Alert name.  For example, to find a userlogon, use the AnyAlert.eventinfo to find the specific event.  Then using the details view, use the specific alert name (UserLogon).  Once the filter is in place, use it as a basis for the rule creation.  This way you're sure that the condition is correct.
