
No new incidents created in the incident tab?

Created: 26 Apr 2012 • Updated: 29 Apr 2012 | 2 comments

Hi,

I have only 2 incidents showing in the incident tab. I have deployed system rules and even a mail notification, but I am still not able to view new incidents.

The only 2 incidents shown are:

1) portscan detector

2) trojan connections

Please find the attached screenshot of the incident tab and also the rules deployed.

Comments

Avkash K

Are you getting incident creation alerts for other rules?

Also, I can see that the query limit of 5000 has been reached in your console, so you won't be able to see all the incidents beyond 5000. Please close unwanted incidents first.

Also check what products are integrated with SSIM.

Depending on your products and requirements, you should define correlation rules to avoid false positives.

Regards,

Avkash K

atul557

I can see some other incident creation alerts, but those were a few months back. For the past 3 to 4 months there have been only 2 incident creation alerts:

-- portscan detector, -- trojan connections

I have closed down many incidents, but it's still showing "query limit 5000 has been reached".