Help me for get only single alert
47 views
Skip to first unread message
super man
Aug 20, 2020, 2:40:00 PM8/20/20
to ossec-list
Hi all,
My custom rule id is 530 when it stops triggering the alert, a new rule id 531 wants to trigger. I already have written both rules but my requirement is to get an only single alert in between again rule id 530 if the trigger
Jonathan Martín Valera
Aug 21, 2020, 3:03:39 AM8/21/20
to ossec-list
Hi super man,
Do you want to trigger an alert just when another is triggered, and that it only activates once a given time interval?
So far what you've managed to do is generate a second alert every time another one is generated?
Could you share these two rules to see if we can help you?
Best regards.
Do you want to trigger an alert just when another is triggered, and that it only activates once a given time interval?
So far what you've managed to do is generate a second alert every time another one is generated?
Could you share these two rules to see if we can help you?
Best regards.
Reply all
Reply to author
Forward
0 new messages