PaoloM Trusted Contributor.

SBEC doesn't work with 3 events occurring within 2 minutes

Hi,

I have a problem with a rule of SBEC.

I summarize the situation:

 

I set:

As the event filter, I have set a condition that matches a Title that contains (case-insensitive) the string tcVisionLog:

CORRELATION

Title

Object

Node ID

REPETITIONS

events set contains at least 3 events.

treat duplicates as repetitions.

TIME WINDOW

These events must occur within 2 minutes.

The execution action is performed the first time the condition is fulfilled.

EXECUTION

Execute actions first time condition is fulfilled.

Handle subsequent events within remaining time window accordingly.

ACTIONS

I have set first event as reference and then release all events.

I have set:

Related CI Hint, Node Hint, Category, 

also, the key:

${LOG_tcVISION.Object (String)}:${LOG_tcVISION.Node Hint (String)}

in the new event generated with the SBEC.

The problem is that duplicate events from the policy that generates events do not generate a new SBEC event as expected; sometimes there are duplicate SBEC events, but every 3 minutes and not every 2 minutes, and at other times there are not any new SBEC events in the OMi console.

I don't understand why.

Has anyone had the same problem, or encountered this situation?

Thanks in advance for the support.

Best regards.

Paolo

 
