Hi
Maybe someone had to face a similar problem. I need help describing a rule that will compare a specific event field with a specific column in the active list.
The first question: is it possible to implement?
I've looked at ArcSight's built-in rules that interact with active lists in some way, but I still don't understand how it works.
I've read that this may require defining local variables for the rule, or is it possible to do without them?
Can someone explain this with an example?
I just need to take a certain field from the incoming events and compare it to a column in the active list.
Mostly it is an IP address.
Thank you in advance!
Bohdan