Rule checking new virus signature with events in past

Hi,

I would like to configure this rule:

When a virus (new signature) is detected in a mail with the subject "XXX", check whether there are other emails in the past with the same subject.

I don't know if it is possible to do that without an active list which saves all subjects. If it is possible to do it without an active list, could someone please tell me how (with an example)?

Thanks in advance,

Álvaro

Accepted Solutions

Put the subject of the email triggering the alert in an Active List with a TTL of 1 hour, then use the AL as a filter for a Query and Scheduled Report that runs every hour, searching maybe the last 24 hours of events.

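The accepted answer's approach, simulated outside ArcSight as an added example (not code from the thread or from the product): a detection puts the subject in a one-hour TTL list, and an hourly query searches the previous 24 hours for earlier mails with a listed subject. The class, function and field names and the sample events are constructed for illustration.

```python
from datetime import datetime, timedelta

TTL = timedelta(hours=1)        # active list entry lifetime (from the answer)
LOOKBACK = timedelta(hours=24)  # window the scheduled query searches

class ActiveList:
    """Stand-in for a TTL-based active list keyed by mail subject."""
    def __init__(self, ttl):
        self.ttl = ttl
        self.entries = {}  # subject -> time of the triggering detection

    def add(self, subject, when):
        self.entries[subject] = when

    def live(self, now):
        # Drop entries whose TTL has elapsed, return the rest.
        self.entries = {s: t for s, t in self.entries.items()
                        if now - t < self.ttl}
        return dict(self.entries)

def on_event(event, active_list):
    """Rule action: a virus detection adds the mail subject to the list."""
    if event["virus"]:
        active_list.add(event["subject"], event["time"])

def scheduled_query(events, active_list, now):
    """Hourly job: earlier mails in the lookback window with a listed subject."""
    hits = {}
    for subject, detected_at in active_list.live(now).items():
        hits[subject] = [e for e in events
                         if e["subject"] == subject
                         and now - LOOKBACK <= e["time"] < detected_at]
    return hits

# Constructed sample events, not real data.
T0 = datetime(2024, 1, 10, 12, 0)
EVENTS = [
    {"time": T0 - timedelta(hours=30), "subject": "Invoice 4471", "virus": False},
    {"time": T0 - timedelta(hours=5), "subject": "Invoice 4471", "virus": False},
    {"time": T0 - timedelta(hours=2), "subject": "Team lunch", "virus": False},
    {"time": T0 - timedelta(minutes=20), "subject": "Invoice 4471", "virus": True},
]

def run(now):
    """Feed the events through the rule, then run the scheduled query at `now`."""
    active_list = ActiveList(TTL)
    for event in EVENTS:
        on_event(event, active_list)
    return scheduled_query(EVENTS, active_list, now)
```

Because the TTL equals the run interval here, a detection is live for one scheduled run and has expired by the next; the detection event itself is excluded from the matches.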

You might be able to use scheduled rules depending on how far back in time you want to search.
