Hi,
Is it possible to configure alerts to work on a clock ?
I.e, i want some alarms to trigger during out of hours or weekends, but not during mon-fri hours. Is this possible ?
Additionally,
Can you stack events and correlate for alerting?
example: You have a rule that triggers if EVID 1234 is seen. However what i want is an exception whereby if EVID 5678 is seen from the same user that triggered EVID 1234 within a couple of minutes, dont alert. Only alert if EVID 1234 is seen without EVID 5678.
Hope ive explained this okay.
Many thanks.