Hi all,
Can someone please help?
Thanks.
-Original Message-
From: Elran Dvir
Sent: Wednesday, November 06, 2013 8:51 AM
To: 'Rules Users List'
Subject: RE: [rules-users] how can I modify a batch of objects
Hi Wolfgang,
I am sorry to nag, but did you have a chance to look at
o be retracted. It will expire)
All other CandidatesWindow expire when time comes.
How can I update/modify an existing CandidatesWindow and activate the second
rule?
Thank you very much.
-Original Message-
From: rules-users-boun...@lists.jboss.org
[mailto:rules-users-boun...@lists.jboss.org
I attach it to existing (not
expired) windows, and create a new window (and attach the log) because each log
basically starts a new window.
The second rule creates a new event if the count fits and retracts the
activating CandidatesWindow (it doesn't have to be retracted. It will expire)
A
The memory consumption has to be tackled by reducing the number of
half-baked activations.
I understand that you have to monitor certain connections (excluding
those that can or have to be filtered out). And an observation window
has to keep track of what goes on between one source s1 and one
dest
Hi all,
I am trying to identify a port scan event.
The basic fact is a connection log. For each combination of src (source IP) and
dst (destination IP), detect a port scan event if over 60 seconds there were
at least 20 connection logs with different service and protocol.
The event will stay c
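
The port-scan criterion stated in the message above, written out as an added example in plain Python (it is not code from this thread and does not use Drools). It assumes logs arrive sorted by timestamp, that "different service and protocol" means distinct (service, protocol) pairs, and that a pair's window is reset once an event fires; the function names and sample data are constructed for illustration.

```python
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 60   # from the post: "over 60 seconds"
MIN_DISTINCT = 20     # from the post: "at least 20 connection logs"

def detect_port_scans(logs, window=WINDOW_SECONDS, min_distinct=MIN_DISTINCT):
    """Return (src, dst, first_ts, last_ts) for every src/dst pair that reaches
    min_distinct different (service, protocol) combinations within `window`
    seconds. `logs` holds (ts, src, dst, service, protocol), sorted by ts."""
    recent = defaultdict(deque)    # (src, dst) -> deque of (ts, key) in window
    counts = defaultdict(Counter)  # (src, dst) -> occurrences of each key
    events = []
    for ts, src, dst, service, protocol in logs:
        pair, key = (src, dst), (service, protocol)
        q, seen = recent[pair], counts[pair]
        q.append((ts, key))
        seen[key] += 1
        # Expire entries that fell out of the sliding window.
        while ts - q[0][0] > window:
            _, old = q.popleft()
            seen[old] -= 1
            if seen[old] == 0:
                del seen[old]
        if len(seen) >= min_distinct:
            events.append((src, dst, q[0][0], ts))
            # Assumption: reset the pair so one burst yields one event.
            q.clear()
            seen.clear()
    return events

def sample_logs():
    """Constructed sample data (documentation IP ranges, not real traffic)."""
    dst = "198.51.100.5"
    logs = []
    # 25 different TCP services in 25 seconds: should fire once.
    logs += [(t, "192.0.2.10", dst, 1000 + t, "tcp") for t in range(25)]
    # The same service 30 times: many logs, one distinct key, no event.
    logs += [(t, "192.0.2.20", dst, 443, "tcp") for t in range(30)]
    # 20 different services, one every 10 seconds: never 20 inside 60 s.
    logs += [(t * 10, "192.0.2.30", dst, 2000 + t, "udp") for t in range(20)]
    return sorted(logs, key=lambda r: r[0])

if __name__ == "__main__":
    for event in detect_port_scans(sample_logs()):
        print("port scan:", event)
```

State is kept per src/dst pair and pruned as entries age out, so memory tracks the number of live entries inside the window rather than every combination of logs.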