This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
gargSaab
Ensign
Ensign
‎2019-09-15 08:51
337 views

Arcsight rule

Hello Geek
Can anybody suggest me how to print values from an active list eg I populated an active list from a rule and this active list contains hostname .now I need to create second rule where I need to trigger an alert which contains all hostname values.
Any suggestions...
0 Likes
Reply
Report Inappropriate Content
2 Replies
kUMters
Commodore Commodore
Commodore
‎2019-09-15 09:56

Create a report which will give you a list of values from AL...

PS: To generate an alert (correlated event) you need input event to trigger it.

__
Solution Security Architect
0 Likes
Reply
Report Inappropriate Content
manojs
Commodore
Commodore
‎2019-09-16 14:52

Make sure your AL has a Key Field.

Key field will be helpful when calling/comparing values in an AL using a Rule.

Use "InActiveList" condition in Rule to call AL where Hostnames are stored and make sure you map key field in the  AL.

This way you can write conditions to match AL values.

 

Hope this helps.

 

 

~Manoj S.

 

Manoj S.
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.