Hi Risto,

Sorry again. I'm learning SEC and I have a doubt.

I tried to create an alert that detects a user connecting to a device through 5 different IP addresses; if this happens, create an alert. I don't know how to detect the differences. With desc I can group by user, but I don't know how to detect the differences between the IP addresses.

Another doubt: can you read the context names that the alert is managing at the same time? A list or something of it.

Log file:

29/09/2015 10:14:POST 132.56.96.123 Korsakof
29/09/2015 10:14:POST 132.56.96.124 Korsakof

Many thanks for your help.

Regards.
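The counting the message asks about (different source addresses per user), as an added example that is not part of the original message and is not SEC rule syntax: it parses the record layout shown in the log sample, keeps a set of addresses per user, and raises one alert when the set reaches the threshold. The class and function names, the `threshold` parameter and every sample line after the first two are constructed for illustration.

```python
import re
from collections import defaultdict

# Record layout copied from the log sample: DD/MM/YYYY HH:MM:POST <ip> <user>
LINE_RE = re.compile(
    r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}):POST (\d{1,3}(?:\.\d{1,3}){3}) (\S+)$"
)


class DistinctIpDetector:
    """Alert once per user when `threshold` different source IPs are seen."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self.ips_by_user = defaultdict(set)  # user -> addresses seen so far
        self.alerted = set()                 # users already reported

    def feed(self, line):
        """Process one log line; return an alert string or None."""
        m = LINE_RE.match(line.strip())
        if m is None:
            return None                      # not a POST record, ignore it
        stamp, ip, user = m.groups()
        seen = self.ips_by_user[user]
        seen.add(ip)                         # a repeated address does not grow the set
        if len(seen) >= self.threshold and user not in self.alerted:
            self.alerted.add(user)
            return (f"{stamp} user {user} seen from {len(seen)} "
                    f"different IPs: {', '.join(sorted(seen))}")
        return None


def run(lines, threshold=5):
    """Feed all lines to a fresh detector and collect the alerts."""
    detector = DistinctIpDetector(threshold)
    return [alert for alert in map(detector.feed, lines) if alert]


# First two lines are from the message; the rest are constructed test data.
SAMPLE = [
    "29/09/2015 10:14:POST 132.56.96.123 Korsakof",
    "29/09/2015 10:14:POST 132.56.96.124 Korsakof",
    "29/09/2015 10:15:POST 132.56.96.124 Korsakof",  # repeat, not counted twice
    "29/09/2015 10:15:POST 192.0.2.10 Korsakof",
    "29/09/2015 10:16:POST 198.51.100.7 Ivanov",     # different user
    "this line does not match the layout",
    "29/09/2015 10:17:POST 192.0.2.11 Korsakof",
    "29/09/2015 10:18:POST 192.0.2.12 Korsakof",     # fifth different address
    "29/09/2015 10:19:POST 192.0.2.13 Korsakof",     # already alerted
]

if __name__ == "__main__":
    print("\n".join(run(SAMPLE)))
```

The timestamps are only echoed in the alert; no time window is applied, so the per-user sets grow until the detector is discarded.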