
New Requirement for my team, we have to identify users that are concurrently logged into numerous devices.

My team is being asked to identify users that are concurrently logged into numerous servers. We maintain server farms.

Any quick rule for doing this? Any ideas?

We don't want to list all the servers in the rule. Maybe a count on something?

  • You could use the Rules occurrence settings in the new UI (advanced correlation in the older Flex UI) to specify that userName/sourceAccount have to be the same in the alerts AND the source IP of the event should differ. Set "Set time when a rule won't trigger actions after rule was true" (Re-Infer TOT - in Flex) as well, so the rule does not fire multiple times within a few seconds.
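
The correlation logic from the reply above, written out in Python as an added example (it is not part of the original thread and is not the product's rule syntax): group logon events by userName, count distinct source IPs inside a time window, and suppress repeat alerts for a quiet period. The window, threshold, suppression time and sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)      # assumed correlation window
THRESHOLD = 3                      # assumed: distinct sources that count as "numerous"
SUPPRESS = timedelta(minutes=10)   # assumed quiet period after the rule fires

# Constructed sample logon events: (timestamp, userName, source IP)
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "alice", "10.0.1.11"),
    ("2024-05-01T09:00:40", "alice", "10.0.1.12"),
    ("2024-05-01T09:01:00", "bob",   "10.0.2.20"),
    ("2024-05-01T09:01:10", "alice", "10.0.1.13"),  # third distinct source
    ("2024-05-01T09:01:15", "alice", "10.0.1.14"),  # inside the quiet period
    ("2024-05-01T09:02:00", "bob",   "10.0.2.20"),  # same source again
    ("2024-05-01T09:20:00", "alice", "10.0.1.11"),  # earlier events have aged out
]

def detect(events, window=WINDOW, threshold=THRESHOLD, suppress=SUPPRESS):
    """Return (timestamp, user, sources) for each alert that would fire."""
    recent = defaultdict(deque)   # user -> (time, source) pairs still in the window
    quiet_until = {}              # user -> time until which alerts are suppressed
    alerts = []
    for ts_text, user, src in sorted(events):   # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_text)
        q = recent[user]
        q.append((ts, src))
        while ts - q[0][0] > window:            # drop events older than the window
            q.popleft()
        sources = {s for _, s in q}             # same user, differing source IPs
        if len(sources) < threshold:
            continue
        if user in quiet_until and ts < quiet_until[user]:
            continue                            # rule already fired recently
        quiet_until[user] = ts + suppress
        alerts.append((ts_text, user, sorted(sources)))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Counting distinct values rather than naming them keeps the server list out of the rule. Logons that fall inside one window only approximate concurrency, since logoff events are not tracked here.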