Channel: Questions in topic: "splunk-enterprise"

ES App criteria behind correlation rules.

Hi, I was looking at the logic behind the correlation rules that are inbuilt in the ES App, but it was not so clear, for example for the bruteforcing rule. I would like to know the criteria for triggering this rule. By editing the rule I am able to see it runs every five min, but on what basis does this rule match the events to trigger as bruteforcing? (Example: number of login failures more than 10 times in a minute, etc.) Similarly, I would like to know the criteria for the rules present in the ES App. Thanks,
