nsenkevich
Level 7

Creating A Non-Event Specific Rule

Hello,

Are there any parameters or correlations that can be used to create a LEM rule to alert on any and all logs for a specific IP coming in and out? I have a file server I need to monitor, but I cannot create any rule that is generic enough to catch different types of data.

Is there anything that can be recommended? Plus, possibly any other rules that may be valuable to set for a DLP monitoring rule set for this file server?

Thank you,

Nickolas

0 Kudos