1 of 1 people found this helpful
Try setting your 'Response Window' to 30 seconds and click Save instead of Apply and then Save (more on that below). I just had my correlation time at the same settings as you and it wouldn't work. I changed that and it started working as intended.
I've recently upgraded to 5.6 and it looks like when you click Apply, the Correlation Time does not save, if you've updated these. I did find that just clicking Save instead of Apply and then Save, made the change stick. I don't know if that is just an issue with mine or just an issue in general.
I've tried to find some good documentation on the Correlation Time, but have yet to find any that clearly defines what the fields mean and what are acceptable values in these fields. I hope this helps!
Thanks for the reply and infact using the save button instead of using apply keeps the changes to the Correlation Time menu (that issue was pretty anoying). As for the rules they still don't seem to fire according to the widget in the OPS Center, yet looking in the monitor tool I can clearly see the service has been stopped.
(note i removed the machine names from this image)
Okay so a few more things didn't seem right with the console this morning with a few of the widgets stating they had no data and showing sample data instead. So I decided to reboot the Virtual server and now hey presto my rules are firing correclty and the USB defender software is working as it should.