Video Screencast Help

SSIM Incident Search

Created: 03 Feb 2013 | 1 comment
Vikram Kumar-SAV to SEP's picture
1 Agree
0 Disagree
+1 1 Vote
Login to vote

There should be a way to search an IP/Hostname on the incident list. Currently there is no way of knowing how many incident an Server/machine is generating.

i.e. Want to know how many incident was generated by a machine in past week or today.

Comments 1 CommentJump to latest comment

JH-Analyst's picture

I agree, I've had to do this several times without success. A workaround in a few occasions has been to include those fields in the rule's Actions Tab -> Description text area so that it shows in the list view, which does work for searching.

Login to vote