New Ranks & Badges For The Community!
Notice something different? The ranks and associated badges have gone "Star Fleet". See what they all mean HERE
Highlighted
Absent Member.
Absent Member.
332 views

Create ESM Forwarder to send only correlated events and the events that triggered them?

Would it be possible to setup a filter for an ESM filterer to only send correlated events, but also the events that triggered them. I envision an analyst being able to click the correlated event forwarded from another ESM and see the detailed correlation chain. This would get the most important stuff from another entity's ESM, without sending all of the garbage, which my ESM wouldn't be able to handle anyways.

Labels (2)
0 Likes
Reply
2 Replies
Highlighted
Absent Member.
Absent Member.

Hi,

I have the same problem. I don't see event based.

Could anybody help us?

Jack

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

You need to specify the version of ESM you are using; it works in 5.x, but last I checked doesn't work in 6.x.

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.